From: <gr...@us...> - 2008-12-13 23:40:41
|
Revision: 4326 http://phex.svn.sourceforge.net/phex/?rev=4326&view=rev Author: gregork Date: 2008-12-13 23:40:36 +0000 (Sat, 13 Dec 2008) Log Message: ----------- fixed build Modified Paths: -------------- phex/trunk/installer/phex_nsi.template phex/trunk/pom.xml phex/trunk/src/main/java/phex/gwebcache/GWebCacheConnection.java phex/trunk/src/main/java/phex/update/UpdateCheckRunner.java phex/trunk/src/main/java/phex/utils/RandomUtils.java phex/trunk/src/main/resources/META-INF/MANIFEST.MF phex/trunk/src/test/java/phex/test/TestUpdateChecker.java Added Paths: ----------- phex/trunk/src/main/java/phex/common/OpenPgpToolkit.java phex/trunk/src/test/java/phex/update/ phex/trunk/src/test/java/phex/update/UpdateCheckRunnerTest.java Modified: phex/trunk/installer/phex_nsi.template =================================================================== --- phex/trunk/installer/phex_nsi.template 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/installer/phex_nsi.template 2008-12-13 23:40:36 UTC (rev 4326) @@ -92,6 +92,8 @@ File "@nsis.SourceDir@\lib\slf4j-api-1.5.3.jar" File "@nsis.SourceDir@\lib\commons-httpclient-3.0.1.jar" File "@nsis.SourceDir@\lib\commons-collections-3.2.jar" +File "@nsis.SourceDir@\lib\bcprov-jdk15-140.jar" +File "@nsis.SourceDir@\lib\bcpg-jdk15-140.jar" ; SetOutPath "$INSTDIR\readme" ; File "@nsis.SourceDir@\readme\changelog.txt" @@ -162,6 +164,8 @@ Delete "$INSTDIR\lib\slf4j-api-1.5.3.jar" Delete "$INSTDIR\lib\commons-httpclient-3.0.1.jar" Delete "$INSTDIR\lib\commons-collections-3.2.jar" +Delete "$INSTDIR\lib\bcprov-jdk15-140.jar" +Delete "$INSTDIR\lib\bcpg-jdk15-140.jar" ; Delete "$INSTDIR\readme\changelog.txt" ; Delete "$INSTDIR\readme\contributors.txt" Modified: phex/trunk/pom.xml =================================================================== --- phex/trunk/pom.xml 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/pom.xml 2008-12-13 23:40:36 UTC (rev 4326) @@ -52,6 +52,12 @@ </dependency> <dependency> <groupId>bouncycastle</groupId> + <artifactId>bcprov-jdk15</artifactId> + <version>140</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>bouncycastle</groupId> <artifactId>bcpg-jdk15</artifactId> <version>140</version> <scope>compile</scope> Added: phex/trunk/src/main/java/phex/common/OpenPgpToolkit.java =================================================================== --- phex/trunk/src/main/java/phex/common/OpenPgpToolkit.java (rev 0) +++ phex/trunk/src/main/java/phex/common/OpenPgpToolkit.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -0,0 +1,98 @@ +package phex.common; + +import java.io.IOException; +import java.io.InputStream; +import java.security.Security; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.methods.GetMethod; +import org.bouncycastle.bcpg.ArmoredInputStream; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import phex.http.HTTPHeaderNames; +import phex.http.HttpClientFactory; +import phex.prefs.core.ProxyPrefs; +import phex.utils.HexConverter; +import phex.utils.IOUtil; +import phex.utils.RandomUtils; +import phex.utils.StringUtils; + +public class OpenPgpToolkit +{ + private static final Logger logger = LoggerFactory.getLogger( OpenPgpToolkit.class ); + + static + { + Security.addProvider(new BouncyCastleProvider()); + } + + /** + * We only use servers supporting port 80, this allows us to use common HTTP proxies. + */ + private static final List<String> KEYSERVER_LIST = Arrays.asList( new String[] { + "gpg-keyserver.de", "keyserver.pramberger.at", + "keys.nayr.net", "keyserver.mine.nu", "minsky.surfnet.nl", + "keyserver.linux.it" + } ); + + public PGPPublicKey lookupKeyById( String keyserver, String keyId ) + throws IOException + { + String url = "http://"+keyserver+"/pks/lookup?op=get&search="+keyId; + + HttpClient client = HttpClientFactory.createHttpClient(); + if ( ProxyPrefs.UseHttp.get().booleanValue() + && !StringUtils.isEmpty( ProxyPrefs.HttpHost.get() ) ) + { + client.getHostConfiguration().setProxy( ProxyPrefs.HttpHost.get(), + ProxyPrefs.HttpPort.get().intValue() ); + } + GetMethod method = new GetMethod( url ); + method.addRequestHeader("Cache-Control", "no-cache"); + method.addRequestHeader( HTTPHeaderNames.CONNECTION, + "close" ); + + int responseCode = client.executeMethod(method); + if ( responseCode < 200 || responseCode > 299 ) + { + logger.error( "Failed to connect to keyserver: " + url ); + throw new IOException( "failed rc:" + responseCode ); + } + + InputStream bodyStream = method.getResponseBodyAsStream(); + + ArmoredInputStream as = new ArmoredInputStream( bodyStream ); + PGPPublicKeyRing ring = new PGPPublicKeyRing(as); + long keyid = IOUtil.deserializeLong( HexConverter.toBytes( + keyId.substring( 2 ) ), 0 ); + try + { + PGPPublicKey key = ring.getPublicKey( keyid ); + return key; + } + catch ( PGPException exp ) + { + logger.error( exp.toString(), exp ); + throw new IOException( "PGPException: " + exp.getMessage() ); + } + } + + public String getRandomKeyserver() + { + int pos = RandomUtils.getInt( KEYSERVER_LIST.size() ); + return KEYSERVER_LIST.get( pos ); + } + + public List<String> getKeyserverList() + { + return Collections.unmodifiableList( KEYSERVER_LIST ); + } +} Modified: phex/trunk/src/main/java/phex/gwebcache/GWebCacheConnection.java =================================================================== --- phex/trunk/src/main/java/phex/gwebcache/GWebCacheConnection.java 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/src/main/java/phex/gwebcache/GWebCacheConnection.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -431,8 +431,6 @@ method.setFollowRedirects(false); method.addRequestHeader("Cache-Control", "no-cache"); // be HTTP/1.1 compliant - method.addRequestHeader( HTTPHeaderNames.USER_AGENT, - Environment.getInstance().getPhexVendor() ); method.addRequestHeader( HTTPHeaderNames.CONNECTION, "close" ); Modified: phex/trunk/src/main/java/phex/update/UpdateCheckRunner.java =================================================================== --- phex/trunk/src/main/java/phex/update/UpdateCheckRunner.java 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/src/main/java/phex/update/UpdateCheckRunner.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -34,21 +34,14 @@ import java.net.URL; import java.net.UnknownHostException; import java.security.GeneralSecurityException; -import java.security.Security; -import java.util.Arrays; -import java.util.Collections; import java.util.List; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.methods.GetMethod; import org.apache.commons.lang.SystemUtils; import org.apache.commons.lang.time.DateUtils; import org.bouncycastle.bcpg.ArmoredInputStream; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPublicKey; -import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureList; import org.slf4j.Logger; @@ -56,13 +49,11 @@ import phex.common.Environment; import phex.common.LongObj; +import phex.common.OpenPgpToolkit; import phex.common.PhexVersion; -import phex.common.log.NLogger; import phex.event.UpdateNotificationListener; import phex.gui.common.GUIRegistry; -import phex.http.HTTPHeaderNames; import phex.prefs.core.PhexCorePrefs; -import phex.prefs.core.ProxyPrefs; import phex.prefs.core.StatisticPrefs; import phex.prefs.core.UpdatePrefs; import phex.servent.Servent; @@ -70,10 +61,8 @@ import phex.statistic.StatisticProvider; import phex.statistic.StatisticProviderConstants; import phex.statistic.StatisticsManager; -import phex.utils.HexConverter; import phex.utils.IOUtil; import phex.utils.Localizer; -import phex.utils.StringUtils; import phex.utils.VersionUtils; import phex.xml.sax.DPhex; import phex.xml.sax.DUpdateRequest; @@ -106,22 +95,8 @@ // // Sign: // gpg -asb -u up...@ph... - private static final String PUBLIC_KEY_ID = "0x0EE3F089E5CC3925"; + public static final String PUBLIC_KEY_ID = "0x0EE3F089E5CC3925"; - /** - * We only use servers supporting port 80, this allows us to use common HTTP proxies. - */ - private static final List<String> KEYSERVER_LIST = Arrays.asList( new String[] { - "gpg-keyserver.de", "keyserver.pramberger.at"//, - /*"keys.nayr.net", "keyserver.mine.nu", "minsky.surfnet.nl", - "keyserver.linux.it"*/ - } ); - - static - { - Security.addProvider(new BouncyCastleProvider()); - } - private Throwable updateCheckError; private UpdateNotificationListener listener; private String releaseVersion; @@ -348,7 +323,14 @@ private void verifySignature( UpdateResponseParts parts ) throws IOException { - PGPPublicKey pubKey = requestPublicKey(); + OpenPgpToolkit pgpKit = new OpenPgpToolkit(); + String keyServer = pgpKit.getRandomKeyserver(); + PGPPublicKey pubKey = pgpKit.lookupKeyById( keyServer, PUBLIC_KEY_ID ); + if ( pubKey.isRevoked() ) + { + throw new IOException( "Public key revoked" ); + } + PGPObjectFactory pgpFact = new PGPObjectFactory( new ArmoredInputStream( new ByteArrayInputStream( parts.sig.getBytes("US-ASCII") ) ) ); PGPSignatureList list = (PGPSignatureList) pgpFact.nextObject(); @@ -374,59 +356,6 @@ } } - public PGPPublicKey requestPublicKey() throws IOException - { - Collections.shuffle( KEYSERVER_LIST ); - - String server = KEYSERVER_LIST.get( 0 ); - String url = "http://"+server+"/pks/lookup?op=get&search="+PUBLIC_KEY_ID; - logger.debug( "Keyserver: {}", server ); - - HttpClient client = new HttpClient(); - if ( ProxyPrefs.UseHttp.get().booleanValue() - && !StringUtils.isEmpty( ProxyPrefs.HttpHost.get() ) ) - { - client.getHostConfiguration().setProxy( ProxyPrefs.HttpHost.get(), - ProxyPrefs.HttpPort.get().intValue() ); - } - GetMethod method = new GetMethod( url ); - method.addRequestHeader("Cache-Control", "no-cache"); - // be HTTP/1.1 compliant - method.addRequestHeader( HTTPHeaderNames.USER_AGENT, - Environment.getInstance().getPhexVendor() ); - method.addRequestHeader( HTTPHeaderNames.CONNECTION, - "close" ); - - int responseCode = client.executeMethod(method); - if ( responseCode < 200 || responseCode > 299 ) - { - logger.error( "Failed to connect to keyserver: " + url ); - throw new IOException( "failed rc:" - + responseCode ); - } - - InputStream bodyStream = method.getResponseBodyAsStream(); - - ArmoredInputStream as = new ArmoredInputStream( bodyStream ); - PGPPublicKeyRing ring = new PGPPublicKeyRing(as); - long keyid = IOUtil.deserializeLong( HexConverter.toBytes( - PUBLIC_KEY_ID.substring( 2 ) ), 0 ); - try - { - PGPPublicKey key = ring.getPublicKey( keyid ); - if ( key.isRevoked() ) - { - throw new IOException( "Public key revoked" ); - } - return key; - } - catch ( PGPException exp ) - { - logger.error( exp.toString(), exp ); - throw new IOException( "PGPException: " + exp.getMessage() ); - } - } - private void fireUpdateNotification() { listener.updateNotification( this ); Modified: phex/trunk/src/main/java/phex/utils/RandomUtils.java =================================================================== --- phex/trunk/src/main/java/phex/utils/RandomUtils.java 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/src/main/java/phex/utils/RandomUtils.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -34,6 +34,16 @@ return res; } + /** + * Returns an int between 0 (inclusive) and maxValue (exclusive). + * @param maxValue the maximal value to allow + * @return an int between 0 (inclusive) and maxValue (exclusive). + */ + public static int getInt( int maxValue ) + { + return RANDOM.nextInt( maxValue ); + } + public static long getLong() { return RANDOM.nextLong(); Modified: phex/trunk/src/main/resources/META-INF/MANIFEST.MF =================================================================== --- phex/trunk/src/main/resources/META-INF/MANIFEST.MF 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/src/main/resources/META-INF/MANIFEST.MF 2008-12-13 23:40:36 UTC (rev 4326) @@ -2,5 +2,6 @@ Main-Class: phex.Main Class-Path: ../lang/ ../ext/ commons-collections-3.2.jar commons-httpclient-3.0.1.jar forms-1.1.0.jar looks-2.1.4.jar mrjadapter-1.1.jar logback-classic-0.9.9.jar - logback-core-0.9.9.jar slf4j-api-1.5.3.jar jcl-over-slf4j-1.5.3.jar xSocket-2.2.jar + logback-core-0.9.9.jar slf4j-api-1.5.3.jar jcl-over-slf4j-1.5.3.jar xSocket-2.2.jar + bcprov-jdk15-140.jar bcpg-jdk15-140.jar Modified: phex/trunk/src/test/java/phex/test/TestUpdateChecker.java =================================================================== --- phex/trunk/src/test/java/phex/test/TestUpdateChecker.java 2008-12-13 19:09:37 UTC (rev 4325) +++ phex/trunk/src/test/java/phex/test/TestUpdateChecker.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -18,6 +18,7 @@ */ package phex.test; +import junit.framework.Assert; import junit.framework.TestCase; import phex.gui.prefs.InterfacePrefs; import phex.gui.prefs.PhexGuiPrefs; @@ -177,4 +178,9 @@ // System.out.println( checker.getBetaVersion() ); // System.out.println( checker.getReleaseVersion() ); // } + + public void testDummy() + { + Assert.assertTrue( true ); + } } Added: phex/trunk/src/test/java/phex/update/UpdateCheckRunnerTest.java =================================================================== --- phex/trunk/src/test/java/phex/update/UpdateCheckRunnerTest.java (rev 0) +++ phex/trunk/src/test/java/phex/update/UpdateCheckRunnerTest.java 2008-12-13 23:40:36 UTC (rev 4326) @@ -0,0 +1,39 @@ +package phex.update; + +import java.io.IOException; +import java.util.List; + +import junit.framework.Assert; +import junit.framework.TestCase; + +import org.bouncycastle.openpgp.PGPPublicKey; + +import phex.common.OpenPgpToolkit; +import phex.gui.prefs.InterfacePrefs; +import phex.gui.prefs.PhexGuiPrefs; +import phex.prefs.core.PhexCorePrefs; +import phex.servent.Servent; +import phex.utils.Localizer; + +public class UpdateCheckRunnerTest extends TestCase +{ + public void setUp() + { + PhexCorePrefs.init(); + PhexGuiPrefs.init(); + Localizer.initialize( InterfacePrefs.LocaleName.get() ); + Servent.getInstance(); + } + + public void testPublicKeyAvailability() throws IOException + { + OpenPgpToolkit pgpKit = new OpenPgpToolkit(); + List<String> keyServerList = pgpKit.getKeyserverList(); + for ( String keyserver : keyServerList ) + { + PGPPublicKey key = pgpKit.lookupKeyById( keyserver, + UpdateCheckRunner.PUBLIC_KEY_ID ); + Assert.assertFalse( key.isRevoked() ); + } + } +} \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |