You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by dk...@apache.org on 2021/09/02 03:16:59 UTC
[sling-org-apache-sling-committer-cli] branch SLING-10775 created
(now 9bde39f)
This is an automated email from the ASF dual-hosted git repository.
dklco pushed a change to branch SLING-10775
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-committer-cli.git.
at 9bde39f SLING-10775 - Updating key download URL
This branch includes the following new commits:
new 9bde39f SLING-10775 - Updating key download URL
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[sling-org-apache-sling-committer-cli] 01/01: SLING-10775 -
Updating key download URL
Posted by dk...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
dklco pushed a commit to branch SLING-10775
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-committer-cli.git
commit 9bde39fa4aecdf54d24f918c7386027f8f8654e1
Author: Dan Klco <kl...@adobe.com>
AuthorDate: Wed Sep 1 23:16:39 2021 -0400
SLING-10775 - Updating key download URL
---
.../sling/cli/impl/pgp/PGPSignatureValidator.java | 23 ++++++++++++---
.../cli/impl/pgp/PGPSignatureValidatorTest.java | 34 +++++++++++-----------
2 files changed, 36 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
index d813061..a4e1322 100644
--- a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
+++ b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
@@ -21,6 +21,7 @@ package org.apache.sling.cli.impl.pgp;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -59,8 +60,16 @@ public class PGPSignatureValidator {
private HttpClientFactory httpClientFactory;
private static final String KEYS_FILE = "/tmp/sling-keys.asc";
+ private static final String KEYS_URL = "https://downloads.apache.org/sling/KEYS";
private PGPPublicKeyRingCollection keyRingCollection;
+ /**
+ * @return the keyRingCollection
+ */
+ public PGPPublicKeyRingCollection getKeyRingCollection() {
+ return keyRingCollection;
+ }
+
public ValidationResult verify(Path artifact, Path signature) {
try (InputStream fileStream = Files.newInputStream(artifact);
InputStream signatureStream = Files.newInputStream(signature)) {
@@ -94,10 +103,15 @@ public class PGPSignatureValidator {
if (Files.notExists(keysFilePath)) {
try {
try (CloseableHttpClient client = httpClientFactory.newClient()) {
- HttpGet get = new HttpGet("https://people.apache.org/keys/group/sling.asc");
+ HttpGet get = new HttpGet(KEYS_URL);
try (CloseableHttpResponse response = client.execute(get)) {
- try (InputStream content = response.getEntity().getContent()) {
- IOUtils.copy(content, new FileOutputStream(keysFilePath.toFile()));
+ if (response.getStatusLine().getStatusCode() != 200) {
+ throw new IllegalStateException("Invalid response '" + response.getStatusLine()
+ + "' downloading Sling key file from " + KEYS_URL);
+ }
+ try (InputStream content = response.getEntity().getContent();
+ OutputStream fileout = new FileOutputStream(keysFilePath.toFile())) {
+ IOUtils.copy(content, fileout);
}
}
}
@@ -123,7 +137,8 @@ public class PGPSignatureValidator {
if (!keyRings.isEmpty()) {
keyRingCollection = new PGPPublicKeyRingCollection(keyRings);
} else {
- throw new IllegalStateException(String.format("Sling keys file from %s does not contain any keys.", keysFile));
+ throw new IllegalStateException(
+ String.format("Sling keys file from %s does not contain any keys.", keysFile));
}
}
} catch (IOException | PGPException e) {
diff --git a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
index 9d9ed28..1a6c073 100644
--- a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
+++ b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
@@ -18,6 +18,10 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
package org.apache.sling.cli.impl.pgp;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,10 +35,6 @@ import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
public class PGPSignatureValidatorTest {
private static final Map<String, String> SYSTEM_PROPS = new HashMap<>();
@@ -72,20 +72,20 @@ public class PGPSignatureValidatorTest {
assertTrue(foundId);
}
- @Test
+ @Test(expected = IllegalStateException.class)
public void verifyInvalidPGPSignatures() {
- Throwable expected = null;
- try {
- pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" +
- "/org/apache/sling/adapter" +
- "-annotations/1.0" +
- ".0/adapter-annotations-1.0.0.pom"),
- Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc"));
- } catch (Throwable e) {
- expected = e;
- }
- assertNotNull(expected);
- assertTrue(expected instanceof IllegalStateException);
+ pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" +
+ "/org/apache/sling/adapter" +
+ "-annotations/1.0" +
+ ".0/adapter-annotations-1.0.0.pom"),
+ Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc"));
+ }
+
+ @Test
+ public void testDownload(){
+ pgpSignatureValidator = context.registerInjectActivateService(new PGPSignatureValidator(), "sling.keys", "target/downloaded.asc");
+ assertNotNull(pgpSignatureValidator.getKeyRingCollection());
+ assertTrue(pgpSignatureValidator.getKeyRingCollection().iterator().hasNext());
}
@Test