2020-04-27 01:58:28 +03:00
|
|
|
Manifest-Version: 1.0
|
|
|
|
Bundle-ManifestVersion: 2
|
|
|
|
Bundle-Name: %Bundle-Name
|
|
|
|
Automatic-Module-Name: org.eclipse.jgit.gpg.bc
|
|
|
|
Bundle-SymbolicName: org.eclipse.jgit.gpg.bc;singleton:=true
|
2021-06-14 02:49:05 +03:00
|
|
|
Fragment-Host: org.eclipse.jgit;bundle-version="[5.13.0,5.14.0)"
|
2020-04-27 01:58:28 +03:00
|
|
|
Bundle-Vendor: %Bundle-Vendor
|
|
|
|
Bundle-Localization: plugin
|
2021-06-14 02:49:05 +03:00
|
|
|
Bundle-Version: 5.13.0.qualifier
|
2020-04-27 01:58:28 +03:00
|
|
|
Bundle-RequiredExecutionEnvironment: JavaSE-1.8
|
2021-01-17 17:21:28 +02:00
|
|
|
Import-Package: org.bouncycastle.asn1;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.asn1.cryptlib;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.asn1.x9;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.bcpg;version="[1.65.0,2.0.0)",
|
GPG signature verification via BouncyCastle
Add a GpgSignatureVerifier interface, plus a factory to create
instances thereof that is provided via the ServiceLoader mechanism.
Implement the new interface for BouncyCastle. A verifier maintains
an internal LRU cache of previously found public keys to speed up
verifying multiple objects (tag or commits). Mergetags are not handled.
Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
with a factory method Git.verifySignature(). The command can verify
signatures on tags or commits, and can be limited to accept only tags
or commits. Provide a new public WrongObjectTypeException thrown when
the command is limited to either tags or commits and a name resolves
to some other object kind.
In jgit.pgm, implement "git tag -v", "git log --show-signature", and
"git show --show-signature". The output is similar to command-line
gpg invoked via git, but not identical. In particular, lines are not
prefixed by "gpg:" but by "bc:".
Trust levels for public keys are read from the keys' trust packets,
not from GPG's internal trust database. A trust packet may or may
not be set. Command-line GPG produces more warning lines depending
on the trust level, warning about keys with a trust level below
"full".
There are no unit tests because JGit still doesn't have any setup to
do signing unit tests; this would require at least a faked .gpg
directory with pre-created key rings and keys, and a way to make the
BouncyCastle classes use that directory instead of the default. See
bug 547538 and also bug 544847.
Tested manually with a small test repository containing signed and
unsigned commits and tags, with signatures made with different keys
and made by command-line git using GPG 2.2.25 and by JGit using
BouncyCastle 1.65.
Bug: 547751
Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2021-01-07 18:11:57 +02:00
|
|
|
org.bouncycastle.bcpg.sig;version="[1.65.0,2.0.0)",
|
2021-01-17 17:21:28 +02:00
|
|
|
org.bouncycastle.crypto.ec;version="[1.65.0,2.0.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.bouncycastle.gpg;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.gpg.keybox;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.gpg.keybox.jcajce;version="[1.65.0,2.0.0)",
|
2021-01-17 17:21:28 +02:00
|
|
|
org.bouncycastle.jcajce.interfaces;version="[1.65.0,2.0.0)",
|
2021-01-24 03:13:43 +02:00
|
|
|
org.bouncycastle.jcajce.util;version="[1.65.0,2.0.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.bouncycastle.jce.provider;version="[1.65.0,2.0.0)",
|
2021-01-17 17:21:28 +02:00
|
|
|
org.bouncycastle.math.ec;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.math.field;version="[1.65.0,2.0.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.bouncycastle.openpgp;version="[1.65.0,2.0.0)",
|
GPG signature verification via BouncyCastle
Add a GpgSignatureVerifier interface, plus a factory to create
instances thereof that is provided via the ServiceLoader mechanism.
Implement the new interface for BouncyCastle. A verifier maintains
an internal LRU cache of previously found public keys to speed up
verifying multiple objects (tag or commits). Mergetags are not handled.
Provide a new VerifySignatureCommand in org.eclipse.jgit.api together
with a factory method Git.verifySignature(). The command can verify
signatures on tags or commits, and can be limited to accept only tags
or commits. Provide a new public WrongObjectTypeException thrown when
the command is limited to either tags or commits and a name resolves
to some other object kind.
In jgit.pgm, implement "git tag -v", "git log --show-signature", and
"git show --show-signature". The output is similar to command-line
gpg invoked via git, but not identical. In particular, lines are not
prefixed by "gpg:" but by "bc:".
Trust levels for public keys are read from the keys' trust packets,
not from GPG's internal trust database. A trust packet may or may
not be set. Command-line GPG produces more warning lines depending
on the trust level, warning about keys with a trust level below
"full".
There are no unit tests because JGit still doesn't have any setup to
do signing unit tests; this would require at least a faked .gpg
directory with pre-created key rings and keys, and a way to make the
BouncyCastle classes use that directory instead of the default. See
bug 547538 and also bug 544847.
Tested manually with a small test repository containing signed and
unsigned commits and tags, with signatures made with different keys
and made by command-line git using GPG 2.2.25 and by JGit using
BouncyCastle 1.65.
Bug: 547751
Change-Id: If7e34aeed6ca6636a92bf774d893d98f6d459181
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2021-01-07 18:11:57 +02:00
|
|
|
org.bouncycastle.openpgp.jcajce;version="[1.65.0,2.0.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.bouncycastle.openpgp.operator;version="[1.65.0,2.0.0)",
|
|
|
|
org.bouncycastle.openpgp.operator.jcajce;version="[1.65.0,2.0.0)",
|
2021-01-24 03:13:43 +02:00
|
|
|
org.bouncycastle.util;version="[1.65.0,2.0.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.bouncycastle.util.encoders;version="[1.65.0,2.0.0)",
|
2021-01-24 03:13:43 +02:00
|
|
|
org.bouncycastle.util.io;version="[1.65.0,2.0.0)",
|
2021-06-14 02:49:05 +03:00
|
|
|
org.eclipse.jgit.annotations;version="[5.13.0,5.14.0)",
|
|
|
|
org.eclipse.jgit.api.errors;version="[5.13.0,5.14.0)",
|
2020-04-27 01:58:28 +03:00
|
|
|
org.slf4j;version="[1.7.0,2.0.0)"
|
2021-06-14 02:49:05 +03:00
|
|
|
Export-Package: org.eclipse.jgit.gpg.bc;version="5.13.0",
|
|
|
|
org.eclipse.jgit.gpg.bc.internal;version="5.13.0";x-friends:="org.eclipse.jgit.gpg.bc.test",
|
|
|
|
org.eclipse.jgit.gpg.bc.internal.keys;version="5.13.0";x-friends:="org.eclipse.jgit.gpg.bc.test"
|