opendev/gerrit
Code Issues Proposed changes

PublicKeyChecker: Drop expected user ID certification checks

Browse Source 
This was originally intended to match up the pusher identity from the
push cert to a certified user ID associated with the public key.
However, the pusher identity provided by the C git client is just
whatever the user used to identify their GPG key with the
user.signingkey config option. In effect, it only reflects the local
setup of the client's machine.

If we want to do some additional check that the OpenPGP User ID is
associated with a particular Gerrit user, that can be done, but would
be based on certifications signed by a trusted key stored entirely
within the public key on the server.

Change-Id: I90f60c1ab83703979218e2fac688e4b200c05895
This commit is contained in:
Dave Borowitz
2015-07-09 15:15:20 -07:00
parent 61003e99ce
commit 2896e2308a
3 changed files with 6 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
gerrit-server/src/test/java/com/google/gerrit/server/git/gpg/PublicKeyCheckerTest.java
View File

@@ -38,23 +38,12 @@ public class PublicKeyCheckerTest {
public void wrongKeyId() throws Exception {
TestKey k = TestKey.key1();
long badId = k.getKeyId() + 1;
CheckResult result = checker.check(
k.getPublicKey(), badId, k.getFirstUserId());
CheckResult result = checker.check(k.getPublicKey(), badId);
assertEquals(
Arrays.asList("Public key does not match ID 46328A8D"),
result.getProblems());
}
@Test
public void wrongUserId() throws Exception {
TestKey k = TestKey.key1();
CheckResult result = checker.check(
k.getPublicKey(), k.getKeyId(), "test2@example.com");
assertEquals(
Arrays.asList("No certification for User ID test2@example.com"),
result.getProblems());
}
@Test
public void keyExpiringInFuture() throws Exception {
assertProblems(TestKey.key2());
@@ -71,8 +60,7 @@ public class PublicKeyCheckerTest {
}
private void assertProblems(TestKey tk, String... expected) throws Exception {
CheckResult result = checker.check(
tk.getPublicKey(), tk.getKeyId(), tk.getFirstUserId());
CheckResult result = checker.check(tk.getPublicKey(), tk.getKeyId());
assertEquals(Arrays.asList(expected), result.getProblems());
}
}