Posted to commits@sling.apache.org by dk...@apache.org on 2021/09/02 03:17:00 UTC
[sling-org-apache-sling-committer-cli] 01/01: SLING-10775 -
Updating key download URL
This is an automated email from the ASF dual-hosted git repository.
dklco pushed a commit to branch SLING-10775
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-committer-cli.git
commit 9bde39fa4aecdf54d24f918c7386027f8f8654e1
Author: Dan Klco <kl...@adobe.com>
AuthorDate: Wed Sep 1 23:16:39 2021 -0400
SLING-10775 - Updating key download URL
---
.../sling/cli/impl/pgp/PGPSignatureValidator.java | 23 ++++++++++++---
.../cli/impl/pgp/PGPSignatureValidatorTest.java | 34 +++++++++++-----------
2 files changed, 36 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
index d813061..a4e1322 100644
--- a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
+++ b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java
@@ -21,6 +21,7 @@ package org.apache.sling.cli.impl.pgp;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
@@ -59,8 +60,16 @@ public class PGPSignatureValidator {
private HttpClientFactory httpClientFactory;
private static final String KEYS_FILE = "/tmp/sling-keys.asc";
+ private static final String KEYS_URL = "https://downloads.apache.org/sling/KEYS";
private PGPPublicKeyRingCollection keyRingCollection;
+ /**
+ * @return the keyRingCollection
+ */
+ public PGPPublicKeyRingCollection getKeyRingCollection() {
+ return keyRingCollection;
+ }
+
public ValidationResult verify(Path artifact, Path signature) {
try (InputStream fileStream = Files.newInputStream(artifact);
InputStream signatureStream = Files.newInputStream(signature)) {
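Review bot: The new `getKeyRingCollection()` accessor is declared public although its only visible caller is `PGPSignatureValidatorTest`, which sits in the same package `org.apache.sling.cli.impl.pgp`; package-private visibility (`PGPPublicKeyRingCollection getKeyRingCollection() {`) would keep the loaded key set out of the component's public surface. The Javadoc `@return the keyRingCollection` only restates the field name; it could say that this is the collection of public keys loaded from the keys file, and whether it can be null before the keys have been loaded. The class body continues outside the hunk, so other callers may exist that are not visible here.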
@@ -94,10 +103,15 @@ public class PGPSignatureValidator {
if (Files.notExists(keysFilePath)) {
try {
try (CloseableHttpClient client = httpClientFactory.newClient()) {
- HttpGet get = new HttpGet("https://people.apache.org/keys/group/sling.asc");
+ HttpGet get = new HttpGet(KEYS_URL);
try (CloseableHttpResponse response = client.execute(get)) {
- try (InputStream content = response.getEntity().getContent()) {
- IOUtils.copy(content, new FileOutputStream(keysFilePath.toFile()));
+ if (response.getStatusLine().getStatusCode() != 200) {
+ throw new IllegalStateException("Invalid response '" + response.getStatusLine()
+ + "' downloading Sling key file from " + KEYS_URL);
+ }
+ try (InputStream content = response.getEntity().getContent();
+ OutputStream fileout = new FileOutputStream(keysFilePath.toFile())) {
+ IOUtils.copy(content, fileout);
}
}
}
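Review bot: The download is still written straight into `keysFilePath`, so a connection that drops during `IOUtils.copy` leaves a truncated file that the `Files.notExists(keysFilePath)` guard treats as present on the next run, and the keys are not fetched again. Writing to a temporary file in the same directory and moving it into place only after the copy completes avoids that; the sketch below needs an import of `java.nio.file.StandardCopyOption`. Because an existing file is used without any download, and the default `KEYS_FILE` shown in the earlier hunk is a fixed name under `/tmp`, the location should be one that only the invoking user can write, since this file decides which keys signatures are checked against. The enclosing method and the outer `try` start and end outside the hunk.

```java
try (CloseableHttpResponse response = client.execute(get)) {
    // … unchanged: status-code check …
    Path partial = Files.createTempFile(keysFilePath.toAbsolutePath().getParent(), "sling-keys", ".part");
    try (InputStream content = response.getEntity().getContent()) {
        Files.copy(content, partial, StandardCopyOption.REPLACE_EXISTING);
        // publish the file only once the whole body has been written
        Files.move(partial, keysFilePath, StandardCopyOption.ATOMIC_MOVE);
    } finally {
        Files.deleteIfExists(partial);
    }
}
```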
@@ -123,7 +137,8 @@ public class PGPSignatureValidator {
if (!keyRings.isEmpty()) {
keyRingCollection = new PGPPublicKeyRingCollection(keyRings);
} else {
- throw new IllegalStateException(String.format("Sling keys file from %s does not contain any keys.", keysFile));
+ throw new IllegalStateException(
+ String.format("Sling keys file from %s does not contain any keys.", keysFile));
}
}
} catch (IOException | PGPException e) {
diff --git a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
index 9d9ed28..1a6c073 100644
--- a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
+++ b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java
@@ -18,6 +18,10 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
package org.apache.sling.cli.impl.pgp;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Iterator;
@@ -31,10 +35,6 @@ import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
public class PGPSignatureValidatorTest {
private static final Map<String, String> SYSTEM_PROPS = new HashMap<>();
@@ -72,20 +72,20 @@ public class PGPSignatureValidatorTest {
assertTrue(foundId);
}
- @Test
+ @Test(expected = IllegalStateException.class)
public void verifyInvalidPGPSignatures() {
- Throwable expected = null;
- try {
- pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" +
- "/org/apache/sling/adapter" +
- "-annotations/1.0" +
- ".0/adapter-annotations-1.0.0.pom"),
- Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc"));
- } catch (Throwable e) {
- expected = e;
- }
- assertNotNull(expected);
- assertTrue(expected instanceof IllegalStateException);
+ pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" +
+ "/org/apache/sling/adapter" +
+ "-annotations/1.0" +
+ ".0/adapter-annotations-1.0.0.pom"),
+ Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc"));
+ }
+
+ @Test
+ public void testDownload(){
+ pgpSignatureValidator = context.registerInjectActivateService(new PGPSignatureValidator(), "sling.keys", "target/downloaded.asc");
+ assertNotNull(pgpSignatureValidator.getKeyRingCollection());
+ assertTrue(pgpSignatureValidator.getKeyRingCollection().iterator().hasNext());
}
@Test
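Review bot: `testDownload` only reaches the download branch when `target/downloaded.asc` is absent, because the validator skips the HTTP request if the keys file already exists; on a run that follows an earlier one without a clean, the test passes by reading the file left behind. Deleting the file first, e.g. `Files.deleteIfExists(Paths.get("target/downloaded.asc"));` (with `throws IOException` on the method and an import of `java.nio.file.Files`), makes it exercise the new status check and copy every time. This assumes the `sling.keys` property is what sets the keys file path, which is not visible in this hunk. Unless `httpClientFactory` is stubbed in the test setup outside the hunk, the test also depends on live access to downloads.apache.org and will fail offline.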