GpgKeys: Only expose to the current user
Change-Id: I51a48b5150b5167170e160d6ec7690e9650265f4
This commit is contained in:
parent
f06399baea
commit
67febdd44e
@ -40,6 +40,7 @@ import com.google.gerrit.gpg.PublicKeyStore;
|
|||||||
import com.google.gerrit.reviewdb.client.Account;
|
import com.google.gerrit.reviewdb.client.Account;
|
||||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
|
import com.google.gerrit.server.CurrentUser;
|
||||||
import com.google.gerrit.server.account.AccountResource;
|
import com.google.gerrit.server.account.AccountResource;
|
||||||
import com.google.gwtorm.server.OrmException;
|
import com.google.gwtorm.server.OrmException;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
@ -70,16 +71,19 @@ public class GpgKeys implements
|
|||||||
|
|
||||||
private final DynamicMap<RestView<GpgKey>> views;
|
private final DynamicMap<RestView<GpgKey>> views;
|
||||||
private final Provider<ReviewDb> db;
|
private final Provider<ReviewDb> db;
|
||||||
|
private final Provider<CurrentUser> self;
|
||||||
private final Provider<PublicKeyStore> storeProvider;
|
private final Provider<PublicKeyStore> storeProvider;
|
||||||
private final GerritPublicKeyChecker.Factory checkerFactory;
|
private final GerritPublicKeyChecker.Factory checkerFactory;
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
GpgKeys(DynamicMap<RestView<GpgKey>> views,
|
GpgKeys(DynamicMap<RestView<GpgKey>> views,
|
||||||
Provider<ReviewDb> db,
|
Provider<ReviewDb> db,
|
||||||
|
Provider<CurrentUser> self,
|
||||||
Provider<PublicKeyStore> storeProvider,
|
Provider<PublicKeyStore> storeProvider,
|
||||||
GerritPublicKeyChecker.Factory checkerFactory) {
|
GerritPublicKeyChecker.Factory checkerFactory) {
|
||||||
this.views = views;
|
this.views = views;
|
||||||
this.db = db;
|
this.db = db;
|
||||||
|
this.self = self;
|
||||||
this.storeProvider = storeProvider;
|
this.storeProvider = storeProvider;
|
||||||
this.checkerFactory = checkerFactory;
|
this.checkerFactory = checkerFactory;
|
||||||
}
|
}
|
||||||
@ -87,7 +91,6 @@ public class GpgKeys implements
|
|||||||
@Override
|
@Override
|
||||||
public ListGpgKeys list()
|
public ListGpgKeys list()
|
||||||
throws ResourceNotFoundException, AuthException {
|
throws ResourceNotFoundException, AuthException {
|
||||||
checkEnabled();
|
|
||||||
return new ListGpgKeys();
|
return new ListGpgKeys();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -95,7 +98,7 @@ public class GpgKeys implements
|
|||||||
public GpgKey parse(AccountResource parent, IdString id)
|
public GpgKey parse(AccountResource parent, IdString id)
|
||||||
throws ResourceNotFoundException, PGPException, OrmException,
|
throws ResourceNotFoundException, PGPException, OrmException,
|
||||||
IOException {
|
IOException {
|
||||||
checkEnabled();
|
checkVisible(self, parent);
|
||||||
String str = CharMatcher.WHITESPACE.removeFrom(id.get()).toUpperCase();
|
String str = CharMatcher.WHITESPACE.removeFrom(id.get()).toUpperCase();
|
||||||
if ((str.length() != 8 && str.length() != 40)
|
if ((str.length() != 8 && str.length() != 40)
|
||||||
|| !CharMatcher.anyOf("0123456789ABCDEF").matchesAllOf(str)) {
|
|| !CharMatcher.anyOf("0123456789ABCDEF").matchesAllOf(str)) {
|
||||||
@ -151,7 +154,9 @@ public class GpgKeys implements
|
|||||||
public class ListGpgKeys implements RestReadView<AccountResource> {
|
public class ListGpgKeys implements RestReadView<AccountResource> {
|
||||||
@Override
|
@Override
|
||||||
public Map<String, GpgKeyInfo> apply(AccountResource rsrc)
|
public Map<String, GpgKeyInfo> apply(AccountResource rsrc)
|
||||||
throws OrmException, PGPException, IOException {
|
throws OrmException, PGPException, IOException,
|
||||||
|
ResourceNotFoundException {
|
||||||
|
checkVisible(self, rsrc);
|
||||||
Map<String, GpgKeyInfo> keys = new HashMap<>();
|
Map<String, GpgKeyInfo> keys = new HashMap<>();
|
||||||
try (PublicKeyStore store = storeProvider.get()) {
|
try (PublicKeyStore store = storeProvider.get()) {
|
||||||
for (AccountExternalId extId : getGpgExtIds(rsrc)) {
|
for (AccountExternalId extId : getGpgExtIds(rsrc)) {
|
||||||
@ -225,10 +230,14 @@ public class GpgKeys implements
|
|||||||
return NB.decodeInt64(fp, fp.length - 8);
|
return NB.decodeInt64(fp, fp.length - 8);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void checkEnabled() throws ResourceNotFoundException {
|
static void checkVisible(Provider<CurrentUser> self, AccountResource rsrc)
|
||||||
|
throws ResourceNotFoundException {
|
||||||
if (!BouncyCastleUtil.havePGP()) {
|
if (!BouncyCastleUtil.havePGP()) {
|
||||||
throw new ResourceNotFoundException("GPG not enabled");
|
throw new ResourceNotFoundException("GPG not enabled");
|
||||||
}
|
}
|
||||||
|
if (self.get() != rsrc.getUser()) {
|
||||||
|
throw new ResourceNotFoundException();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static GpgKeyInfo toJson(PGPPublicKey key, CheckResult checkResult)
|
public static GpgKeyInfo toJson(PGPPublicKey key, CheckResult checkResult)
|
||||||
|
@ -41,6 +41,7 @@ import com.google.gerrit.gpg.PublicKeyStore;
|
|||||||
import com.google.gerrit.gpg.server.PostGpgKeys.Input;
|
import com.google.gerrit.gpg.server.PostGpgKeys.Input;
|
||||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||||
|
import com.google.gerrit.server.CurrentUser;
|
||||||
import com.google.gerrit.server.GerritPersonIdent;
|
import com.google.gerrit.server.GerritPersonIdent;
|
||||||
import com.google.gerrit.server.IdentifiedUser;
|
import com.google.gerrit.server.IdentifiedUser;
|
||||||
import com.google.gerrit.server.account.AccountResource;
|
import com.google.gerrit.server.account.AccountResource;
|
||||||
@ -80,6 +81,7 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
|||||||
private final Logger log = LoggerFactory.getLogger(getClass());
|
private final Logger log = LoggerFactory.getLogger(getClass());
|
||||||
private final Provider<PersonIdent> serverIdent;
|
private final Provider<PersonIdent> serverIdent;
|
||||||
private final Provider<ReviewDb> db;
|
private final Provider<ReviewDb> db;
|
||||||
|
private final Provider<CurrentUser> self;
|
||||||
private final Provider<PublicKeyStore> storeProvider;
|
private final Provider<PublicKeyStore> storeProvider;
|
||||||
private final GerritPublicKeyChecker.Factory checkerFactory;
|
private final GerritPublicKeyChecker.Factory checkerFactory;
|
||||||
private final AddKeySender.Factory addKeyFactory;
|
private final AddKeySender.Factory addKeyFactory;
|
||||||
@ -87,11 +89,13 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
|||||||
@Inject
|
@Inject
|
||||||
PostGpgKeys(@GerritPersonIdent Provider<PersonIdent> serverIdent,
|
PostGpgKeys(@GerritPersonIdent Provider<PersonIdent> serverIdent,
|
||||||
Provider<ReviewDb> db,
|
Provider<ReviewDb> db,
|
||||||
|
Provider<CurrentUser> self,
|
||||||
Provider<PublicKeyStore> storeProvider,
|
Provider<PublicKeyStore> storeProvider,
|
||||||
GerritPublicKeyChecker.Factory checkerFactory,
|
GerritPublicKeyChecker.Factory checkerFactory,
|
||||||
AddKeySender.Factory addKeyFactory) {
|
AddKeySender.Factory addKeyFactory) {
|
||||||
this.serverIdent = serverIdent;
|
this.serverIdent = serverIdent;
|
||||||
this.db = db;
|
this.db = db;
|
||||||
|
this.self = self;
|
||||||
this.storeProvider = storeProvider;
|
this.storeProvider = storeProvider;
|
||||||
this.checkerFactory = checkerFactory;
|
this.checkerFactory = checkerFactory;
|
||||||
this.addKeyFactory = addKeyFactory;
|
this.addKeyFactory = addKeyFactory;
|
||||||
@ -101,7 +105,7 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
|||||||
public Map<String, GpgKeyInfo> apply(AccountResource rsrc, Input input)
|
public Map<String, GpgKeyInfo> apply(AccountResource rsrc, Input input)
|
||||||
throws ResourceNotFoundException, BadRequestException,
|
throws ResourceNotFoundException, BadRequestException,
|
||||||
ResourceConflictException, PGPException, OrmException, IOException {
|
ResourceConflictException, PGPException, OrmException, IOException {
|
||||||
GpgKeys.checkEnabled();
|
GpgKeys.checkVisible(self, rsrc);
|
||||||
|
|
||||||
List<AccountExternalId> existingExtIds =
|
List<AccountExternalId> existingExtIds =
|
||||||
GpgKeys.getGpgExtIds(db.get(), rsrc.getUser().getAccountId()).toList();
|
GpgKeys.getGpgExtIds(db.get(), rsrc.getUser().getAccountId()).toList();
|
||||||
|
Loading…
Reference in New Issue
Block a user