Use GerritPublicKeyChecker in REST API handlers

Injecting PublicKeyChecker is possible, since it has a public no-args constructor, but is inadvisable, since it can't check against specific Gerrit users. Use GerritPublicKeyChecker instead. Change-Id: I6fb3ccef2908526d40d40861f9ea97c506ba1f74
2015-09-30 12:11:00 -04:00
parent aa4f161c6d
commit 7913766ece
2 changed files with 23 additions and 13 deletions
--- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
+++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/GpgKeys.java
@@ -34,6 +34,7 @@ import com.google.gerrit.extensions.restapi.RestView;
 import com.google.gerrit.gpg.BouncyCastleUtil;
 import com.google.gerrit.gpg.CheckResult;
 import com.google.gerrit.gpg.Fingerprint;
+import com.google.gerrit.gpg.GerritPublicKeyChecker;
 import com.google.gerrit.gpg.PublicKeyChecker;
 import com.google.gerrit.gpg.PublicKeyStore;
 import com.google.gerrit.reviewdb.client.Account;
@@ -70,17 +71,17 @@ public class GpgKeys implements
  private final DynamicMap<RestView<GpgKey>> views;
  private final Provider<ReviewDb> db;
  private final Provider<PublicKeyStore> storeProvider;
-  private final PublicKeyChecker checker;
+  private final GerritPublicKeyChecker.Factory checkerFactory;

  @Inject
  GpgKeys(DynamicMap<RestView<GpgKey>> views,
      Provider<ReviewDb> db,
      Provider<PublicKeyStore> storeProvider,
-      PublicKeyChecker checker) {
+      GerritPublicKeyChecker.Factory checkerFactory) {
    this.views = views;
    this.db = db;
    this.storeProvider = storeProvider;
-    this.checker = checker;
+    this.checkerFactory = checkerFactory;
  }

  @Override
@@ -160,7 +161,10 @@ public class GpgKeys implements
          for (PGPPublicKeyRing keyRing : store.get(keyId(fp))) {
            if (Arrays.equals(keyRing.getPublicKey().getFingerprint(), fp)) {
              found = true;
-              GpgKeyInfo info = toJson(keyRing, checker, store);
+              GpgKeyInfo info = toJson(
+                  keyRing,
+                  checkerFactory.create(rsrc.getUser()),
+                  store);
              keys.put(info.id, info);
              info.id = null;
              break;
@@ -179,19 +183,22 @@ public class GpgKeys implements
  @Singleton
  public static class Get implements RestReadView<GpgKey> {
    private final Provider<PublicKeyStore> storeProvider;
-    private final PublicKeyChecker checker;
+    private final GerritPublicKeyChecker.Factory checkerFactory;

    @Inject
    Get(Provider<PublicKeyStore> storeProvider,
-        PublicKeyChecker checker) {
+        GerritPublicKeyChecker.Factory checkerFactory) {
      this.storeProvider = storeProvider;
-      this.checker = checker;
+      this.checkerFactory = checkerFactory;
    }

    @Override
    public GpgKeyInfo apply(GpgKey rsrc) throws IOException {
      try (PublicKeyStore store = storeProvider.get()) {
-        return toJson(rsrc.getKeyRing(), checker, store);
+        return toJson(
+            rsrc.getKeyRing(),
+            checkerFactory.create(rsrc.getUser()),
+            store);
      }
    }
  }
--- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java
+++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java
@@ -36,12 +36,12 @@ import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.gpg.CheckResult;
 import com.google.gerrit.gpg.Fingerprint;
 import com.google.gerrit.gpg.GerritPublicKeyChecker;
-import com.google.gerrit.gpg.PublicKeyChecker;
 import com.google.gerrit.gpg.PublicKeyStore;
 import com.google.gerrit.gpg.server.PostGpgKeys.Input;
 import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.GerritPersonIdent;
+import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.AccountResource;
 import com.google.gerrit.server.mail.AddKeySender;
 import com.google.gwtorm.server.OrmException;
@@ -136,7 +136,7 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
              return toExtIdKey(fp.get());
            }
          }));
-      return toJson(newKeys, toRemove, store);
+      return toJson(newKeys, toRemove, store, rsrc.getUser());
    }
  }

@@ -239,10 +239,13 @@ public class PostGpgKeys implements RestModifyView<AccountResource, Input> {
        BaseEncoding.base16().encode(fp));
  }

-  private static Map<String, GpgKeyInfo> toJson(
+  private Map<String, GpgKeyInfo> toJson(
      Collection<PGPPublicKeyRing> keys,
-      Set<Fingerprint> deleted, PublicKeyStore store) throws IOException {
-    PublicKeyChecker checker = new PublicKeyChecker();
+      Set<Fingerprint> deleted, PublicKeyStore store, IdentifiedUser user)
+      throws IOException {
+    // Unlike when storing keys, include web-of-trust checks when producing
+    // result JSON, so the user at least knows of any issues.
+    GerritPublicKeyChecker checker = checkerFactory.create(user);
    Map<String, GpgKeyInfo> infos =
        Maps.newHashMapWithExpectedSize(keys.size() + deleted.size());
    for (PGPPublicKeyRing keyRing : keys) {