Revision: 4623 http://sourceforge.net/p/vexi/code/4623 Author: mkpg2 Date: 2013-12-20 20:26:46 +0000 (Fri, 20 Dec 2013) Log Message: ----------- build.sign. Optionally verify file.
Modified Paths: -------------- trunk/org.vexi-build.shared/meta/module.revisions trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/SecretFolder.java trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/VerifyFiles.java Modified: trunk/org.vexi-build.shared/meta/module.revisions =================================================================== --- trunk/org.vexi-build.shared/meta/module.revisions 2013-12-20 18:43:04 UTC (rev 4622) +++ trunk/org.vexi-build.shared/meta/module.revisions 2013-12-20 20:26:46 UTC (rev 4623) @@ -1 +1 @@ -{"https:\/\/ebuild-project.org\/svn\/ebuild\/plugins":"143"} \ No newline at end of file +{"https:\/\/ebuild-project.org\/svn\/ebuild\/plugins":"152"} \ No newline at end of file Modified: trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java =================================================================== --- trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java 2013-12-20 18:43:04 UTC (rev 4622) +++ trunk/org.vexi-build.sign/src/main/java/org/vexi/build/sign/VexiSignAssembler.java 2013-12-20 20:26:46 UTC (rev 4623) @@ -3,11 +3,14 @@ import static ebuild.util.CollectionUtil.singletonList; import java.io.File; +import java.io.IOException; import java.security.Security; import java.util.Collection; +import org.bouncycastle.util.Arrays; import org.vexi.security.SecretFolder; import org.vexi.security.SignFiles; +import org.vexi.security.VerifyFiles; import ebuild.api.IAssemblerArgument; import ebuild.api.IEBuild; @@ -15,6 +18,7 @@ import ebuild.api.plugin.AbstractAssembler; import ebuild.api.plugin.BuildPluginException; import ebuild.api.plugin.IPropertyMap; +import ebuild.util.IOUtil; public class VexiSignAssembler extends AbstractAssembler{ static{ 
@@ -27,6 +31,7 @@ IEBuild ebuild = argument.getEBuild(); IInputMap inputs = argument.getInputMap(); + boolean verify = props.getBool("verify", false); String secretName = props.expectString("secret_name"); File secretFolder = ebuild.getCredentialsFile(secretName); if(!secretFolder.isDirectory()){ @@ -35,15 +40,27 @@ SecretFolder secret; + File in = inputs.expectLoneInput().expectLoneArtifact(); + File out = new File(argument.getOutputDirectory(), argument.getReleaseFileName()); try{ secret = new SecretFolder(secretFolder, null); - File in = inputs.expectLoneInput().expectLoneArtifact(); // REMARK - we have to use the release file name - File out = new File(argument.getOutputDirectory(), argument.getReleaseFileName()); new SignFiles().process(secret, in, out); - return singletonList(out); }catch(Exception e){ throw new BuildPluginException(e); } + + if(verify){ + try{ + byte[] bytes0 = IOUtil.fileToBytes(in); + byte[] bytes1 = VerifyFiles.verifyFile(secret.getCertFile(), in); + if(!Arrays.areEqual(bytes0, bytes1)){ + throw new BuildPluginException("Verification failed - did not reproduce"); + } + }catch(IOException e){ + throw new BuildPluginException(e); + } + } + return singletonList(out); } } Modified: trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/SecretFolder.java =================================================================== --- trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/SecretFolder.java 2013-12-20 18:43:04 UTC (rev 4622) +++ trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/SecretFolder.java 2013-12-20 20:26:46 UTC (rev 4623) 
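Review bot: The new `if(verify)` block appears to check the wrong file: `VerifyFiles.verifyFile(secret.getCertFile(), in)` is handed the unsigned input, not the `out` file that `SignFiles.process(secret, in, out)` has just produced (assuming `process` writes the signed result to `out`). The artifact returned by `singletonList(out)` is therefore never passed through signature verification, and the step either fails on every build or proves nothing about the release file. The line should read `byte[] bytes1 = VerifyFiles.verifyFile(secret.getCertFile(), out);`, with `bytes0` still taken from `in`, so the comparison confirms that the signed output verifies and reproduces the original content. The enclosing method starts outside this hunk.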
@@ -76,8 +76,11 @@ public RSAPublicKey getPublicKey() throws NoSuchProviderException, PGPException { return (RSAPublicKey) secretkey.getPublicKey().getKey("BC"); } + public File getCertFile() { + return new File(folder,"root.crt"); + } public X509.Certificate getCert() throws Exception { - String certBase64 = IOUtil.fileToString(new File(folder,"root.crt")); + String certBase64 = IOUtil.fileToString(getCertFile()); X509.Certificate x509 = new X509.Certificate(new ByteArrayInputStream(Encode.fromBase64(certBase64))); return x509; } Modified: trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/VerifyFiles.java =================================================================== --- trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/VerifyFiles.java 2013-12-20 18:43:04 UTC (rev 4622) +++ trunk/org.vexi-tools.certify/src/main/java/org/vexi/security/VerifyFiles.java 2013-12-20 20:26:46 UTC (rev 4623) @@ -1,21 +1,25 @@ package org.vexi.security; -import java.io.*; -import java.util.*; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.util.HashMap; +import java.util.Map; import org.ibex.crypto.X509; -import org.ibex.util.*; -import org.vexi.security.VerifySigned; +import org.ibex.util.Logger; public class VerifyFiles { + static public void run(Logger log, File cert, File signedDir) throws Exception { X509.Certificate x509 = new X509.Certificate(new FileInputStream(cert)); Map identityToPK = new HashMap(); identityToPK.put(x509.getCN(), x509.getRSAPublicKey()); - - log.info("certifier",x509.getCN()); log.warn("directory",signedDir+"/*"); File[] files = signedDir.listFiles(); 
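Review bot: `getCertFile()` exposes `root.crt` without stating its encoding, and the two readers in this commit treat it differently. `getCert()` reads the file as text and runs it through `Encode.fromBase64` before parsing, while the new `VerifyFiles.verifyFile(File cert, File in)` passes a raw `FileInputStream` of the same file straight to `new X509.Certificate(...)`. Unless that constructor accepts both forms, the verify path will fail to parse the certificate. I would add a comment such as `/** Base64-encoded root certificate; decode before parsing, as getCert() does. */` and have the verify path decode the file the same way or take the certificate from `getCert()`.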
@@ -23,14 +27,9 @@ String name = in.getName(); if(!name.endsWith(".signed")) continue; String nameUnsigned = name.substring(0, name.length()-".signed".length()); - try{ - VerifySigned.verify( - //log, - identityToPK, - new FileInputStream(in), - name, - new FileOutputStream(new File(signedDir,nameUnsigned))); + OutputStream out = new FileOutputStream(new File(signedDir,nameUnsigned)); + verifyFile(identityToPK, in, out); log.warn("ok",name); }catch(IOException e){ log.warn("ko",name); @@ -38,6 +37,24 @@ } } } + + static public byte[] verifyFile(File cert, File in) throws IOException { + X509.Certificate x509 = new X509.Certificate(new FileInputStream(cert)); + Map identityToPK = new HashMap(); + identityToPK.put(x509.getCN(), x509.getRSAPublicKey()); + ByteArrayOutputStream baos = new ByteArrayOutputStream((int)in.length()); + verifyFile(identityToPK, in, baos); + return baos.toByteArray(); + } - + static public void verifyFile(Map identityToPK, File in, OutputStream out) throws IOException { + String name = in.getName(); + + VerifySigned.verify( + //log, + identityToPK, + new FileInputStream(in), + name, + out); + } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Vexi-svn mailing list Vexi-svn@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vexi-svn
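Review bot: In the loop of `run`, `new FileOutputStream(new File(signedDir,nameUnsigned))` creates or truncates the unsigned file before `verifyFile` has accepted the signature, and `out` is never closed. When verification throws, the `ko` branch logs the failure but a file with the trusted-looking unsigned name stays on disk; how much content it holds depends on `VerifySigned.verify`, which is not visible here. The stream should be closed in a `finally` and the file deleted when verification did not complete, as sketched below. The loop and the catch block continue outside this hunk.

```java
try{
    File unsigned = new File(signedDir,nameUnsigned);
    OutputStream out = new FileOutputStream(unsigned);
    boolean verified = false;
    try{
        verifyFile(identityToPK, in, out);
        verified = true;
    }finally{
        out.close();
        // do not leave an unverified file under the unsigned name
        if(!verified) unsigned.delete();
    }
    // … unchanged: log.warn("ok",name) and the IOException handler …
```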
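Review bot: Both new `verifyFile` overloads open a `FileInputStream` that is never closed: `new FileInputStream(cert)` in the `File cert` overload and `new FileInputStream(in)` in the `Map` overload. The build plugin now calls this path, and `run` calls it once per `.signed` file, so the handles leak for the life of the process and can keep the certificate and signed files locked on some platforms. Each stream should be held in a local and closed in a `finally`; the `Map` overload is shown below and the certificate stream in the other overload needs the same treatment.

```java
static public void verifyFile(Map identityToPK, File in, OutputStream out) throws IOException {
    FileInputStream signed = new FileInputStream(in);
    try{
        VerifySigned.verify(identityToPK, signed, in.getName(), out);
    }finally{
        signed.close();
    }
}
```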