This is an automated email from the ASF dual-hosted git repository. dklco pushed a commit to branch SLING-10775 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-committer-cli.git
commit 9bde39fa4aecdf54d24f918c7386027f8f8654e1 Author: Dan Klco <[email protected]> AuthorDate: Wed Sep 1 23:16:39 2021 -0400 SLING-10775 - Updating key download URL --- .../sling/cli/impl/pgp/PGPSignatureValidator.java | 23 ++++++++++++--- .../cli/impl/pgp/PGPSignatureValidatorTest.java | 34 +++++++++++----------- 2 files changed, 36 insertions(+), 21 deletions(-) diff --git a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java index d813061..a4e1322 100644 --- a/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java +++ b/src/main/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidator.java @@ -21,6 +21,7 @@ package org.apache.sling.cli.impl.pgp; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -59,8 +60,16 @@ public class PGPSignatureValidator { private HttpClientFactory httpClientFactory; private static final String KEYS_FILE = "/tmp/sling-keys.asc"; + private static final String KEYS_URL = "https://downloads.apache.org/sling/KEYS";; private PGPPublicKeyRingCollection keyRingCollection; + /** + * @return the keyRingCollection + */ + public PGPPublicKeyRingCollection getKeyRingCollection() { + return keyRingCollection; + } + public ValidationResult verify(Path artifact, Path signature) { try (InputStream fileStream = Files.newInputStream(artifact); InputStream signatureStream = Files.newInputStream(signature)) { @@ -94,10 +103,15 @@ public class PGPSignatureValidator { if (Files.notExists(keysFilePath)) { try { try (CloseableHttpClient client = httpClientFactory.newClient()) { - HttpGet get = new HttpGet("https://people.apache.org/keys/group/sling.asc";); + HttpGet get = new HttpGet(KEYS_URL); try (CloseableHttpResponse response = client.execute(get)) { - try (InputStream content = response.getEntity().getContent()) { - IOUtils.copy(content, new FileOutputStream(keysFilePath.toFile())); + if (response.getStatusLine().getStatusCode() != 200) { + throw new IllegalStateException("Invalid response '" + response.getStatusLine() + + "' downloading Sling key file from " + KEYS_URL); + } + try (InputStream content = response.getEntity().getContent(); + OutputStream fileout = new FileOutputStream(keysFilePath.toFile())) { + IOUtils.copy(content, fileout); } } } @@ -123,7 +137,8 @@ public class PGPSignatureValidator { if (!keyRings.isEmpty()) { keyRingCollection = new PGPPublicKeyRingCollection(keyRings); } else { - throw new IllegalStateException(String.format("Sling keys file from %s does not contain any keys.", keysFile)); + throw new IllegalStateException( + String.format("Sling keys file from %s does not contain any keys.", keysFile)); } } } catch (IOException | PGPException e) { diff --git a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java index 9d9ed28..1a6c073 100644 --- a/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java +++ b/src/test/java/org/apache/sling/cli/impl/pgp/PGPSignatureValidatorTest.java @@ -18,6 +18,10 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ package org.apache.sling.cli.impl.pgp; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + import java.nio.file.Paths; import java.util.HashMap; import java.util.Iterator; @@ -31,10 +35,6 @@ import org.junit.Before; import org.junit.Rule; import org.junit.Test; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - public class PGPSignatureValidatorTest { private static final Map<String, String> SYSTEM_PROPS = new HashMap<>(); @@ -72,20 +72,20 @@ public class PGPSignatureValidatorTest { assertTrue(foundId); } - @Test + @Test(expected = IllegalStateException.class) public void verifyInvalidPGPSignatures() { - Throwable expected = null; - try { - pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" + - "/org/apache/sling/adapter" + - "-annotations/1.0" + - ".0/adapter-annotations-1.0.0.pom"), - Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc")); - } catch (Throwable e) { - expected = e; - } - assertNotNull(expected); - assertTrue(expected instanceof IllegalStateException); + pgpSignatureValidator.verify(Paths.get("src/test/resources/nexus/orgapachesling-0" + + "/org/apache/sling/adapter" + + "-annotations/1.0" + + ".0/adapter-annotations-1.0.0.pom"), + Paths.get("src/test/resources/pgp/adapter-annotations-1.0.0.pom.invalid.asc")); + } + + @Test + public void testDownload(){ + pgpSignatureValidator = context.registerInjectActivateService(new PGPSignatureValidator(), "sling.keys", "target/downloaded.asc"); + assertNotNull(pgpSignatureValidator.getKeyRingCollection()); + assertTrue(pgpSignatureValidator.getKeyRingCollection().iterator().hasNext()); } @Test
