GpgKeys: Only expose to the current user
Change-Id: I51a48b5150b5167170e160d6ec7690e9650265f4
This commit is contained in:
parent
f06399baea
commit
67febdd44e
@ -40,6 +40,7 @@ import com.google.gerrit.gpg.PublicKeyStore;
|
||||
import com.google.gerrit.reviewdb.client.Account;
|
||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.account.AccountResource;
|
||||
import com.google.gwtorm.server.OrmException;
|
||||
import com.google.inject.Inject;
|
||||
@ -70,16 +71,19 @@ public class GpgKeys implements
|
||||
|
||||
private final DynamicMap<RestView<GpgKey>> views;
|
||||
private final Provider<ReviewDb> db;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<PublicKeyStore> storeProvider;
|
||||
private final GerritPublicKeyChecker.Factory checkerFactory;
|
||||
|
||||
@Inject
|
||||
GpgKeys(DynamicMap<RestView<GpgKey>> views,
|
||||
Provider<ReviewDb> db,
|
||||
Provider<CurrentUser> self,
|
||||
Provider<PublicKeyStore> storeProvider,
|
||||
GerritPublicKeyChecker.Factory checkerFactory) {
|
||||
this.views = views;
|
||||
this.db = db;
|
||||
this.self = self;
|
||||
this.storeProvider = storeProvider;
|
||||
this.checkerFactory = checkerFactory;
|
||||
}
|
||||
@ -87,7 +91,6 @@ public class GpgKeys implements
|
||||
@Override
|
||||
public ListGpgKeys list()
|
||||
throws ResourceNotFoundException, AuthException {
|
||||
checkEnabled();
|
||||
return new ListGpgKeys();
|
||||
}
|
||||
|
||||
@ -95,7 +98,7 @@ public class GpgKeys implements
|
||||
public GpgKey parse(AccountResource parent, IdString id)
|
||||
throws ResourceNotFoundException, PGPException, OrmException,
|
||||
IOException {
|
||||
checkEnabled();
|
||||
checkVisible(self, parent);
|
||||
String str = CharMatcher.WHITESPACE.removeFrom(id.get()).toUpperCase();
|
||||
if ((str.length() != 8 && str.length() != 40)
|
||||
|| !CharMatcher.anyOf("0123456789ABCDEF").matchesAllOf(str)) {
|
||||
@ -151,7 +154,9 @@ public class GpgKeys implements
|
||||
public class ListGpgKeys implements RestReadView<AccountResource> {
|
||||
@Override
|
||||
public Map<String, GpgKeyInfo> apply(AccountResource rsrc)
|
||||
throws OrmException, PGPException, IOException {
|
||||
throws OrmException, PGPException, IOException,
|
||||
ResourceNotFoundException {
|
||||
checkVisible(self, rsrc);
|
||||
Map<String, GpgKeyInfo> keys = new HashMap<>();
|
||||
try (PublicKeyStore store = storeProvider.get()) {
|
||||
for (AccountExternalId extId : getGpgExtIds(rsrc)) {
|
||||
@ -225,10 +230,14 @@ public class GpgKeys implements
|
||||
return NB.decodeInt64(fp, fp.length - 8);
|
||||
}
|
||||
|
||||
static void checkEnabled() throws ResourceNotFoundException {
|
||||
static void checkVisible(Provider<CurrentUser> self, AccountResource rsrc)
|
||||
throws ResourceNotFoundException {
|
||||
if (!BouncyCastleUtil.havePGP()) {
|
||||
throw new ResourceNotFoundException("GPG not enabled");
|
||||
}
|
||||
if (self.get() != rsrc.getUser()) {
|
||||
throw new ResourceNotFoundException();
|
||||
}
|
||||
}
|
||||
|
||||
public static GpgKeyInfo toJson(PGPPublicKey key, CheckResult checkResult)
|
||||
|
@ -41,6 +41,7 @@ import com.google.gerrit.gpg.PublicKeyStore;
|
||||
import com.google.gerrit.gpg.server.PostGpgKeys.Input;
|
||||
import com.google.gerrit.reviewdb.client.AccountExternalId;
|
||||
import com.google.gerrit.reviewdb.server.ReviewDb;
|
||||
import com.google.gerrit.server.CurrentUser;
|
||||
import com.google.gerrit.server.GerritPersonIdent;
|
||||
import com.google.gerrit.server.IdentifiedUser;
|
||||
import com.google.gerrit.server.account.AccountResource;
|
||||
@ -80,6 +81,7 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
||||
private final Logger log = LoggerFactory.getLogger(getClass());
|
||||
private final Provider<PersonIdent> serverIdent;
|
||||
private final Provider<ReviewDb> db;
|
||||
private final Provider<CurrentUser> self;
|
||||
private final Provider<PublicKeyStore> storeProvider;
|
||||
private final GerritPublicKeyChecker.Factory checkerFactory;
|
||||
private final AddKeySender.Factory addKeyFactory;
|
||||
@ -87,11 +89,13 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
||||
@Inject
|
||||
PostGpgKeys(@GerritPersonIdent Provider<PersonIdent> serverIdent,
|
||||
Provider<ReviewDb> db,
|
||||
Provider<CurrentUser> self,
|
||||
Provider<PublicKeyStore> storeProvider,
|
||||
GerritPublicKeyChecker.Factory checkerFactory,
|
||||
AddKeySender.Factory addKeyFactory) {
|
||||
this.serverIdent = serverIdent;
|
||||
this.db = db;
|
||||
this.self = self;
|
||||
this.storeProvider = storeProvider;
|
||||
this.checkerFactory = checkerFactory;
|
||||
this.addKeyFactory = addKeyFactory;
|
||||
@ -101,7 +105,7 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
|
||||
public Map<String, GpgKeyInfo> apply(AccountResource rsrc, Input input)
|
||||
throws ResourceNotFoundException, BadRequestException,
|
||||
ResourceConflictException, PGPException, OrmException, IOException {
|
||||
GpgKeys.checkEnabled();
|
||||
GpgKeys.checkVisible(self, rsrc);
|
||||
|
||||
List<AccountExternalId> existingExtIds =
|
||||
GpgKeys.getGpgExtIds(db.get(), rsrc.getUser().getAccountId()).toList();
|
||||
|
Loading…
Reference in New Issue
Block a user