Don't throw if an unknown key type is encountered [#420]

BouncyCastle doesn't support all of the possible key types that gpg supports, so we should handle that case gracefully.
clojars · Nov 22, 2015 · a63bd86 · a63bd86
1 parent edf196a
commit a63bd86
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 6 deletions.
diff --git a/dev-resources/curve25519.key b/dev-resources/curve25519.key
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mDMEVlEqthYJKwYBBAHaRw8BAQdAru5QGoTPjAtsywle+hMhipHPBlQwLlf1n7po
+gqKf8ui0L1Rlc3QgVXNlciAoY2xvamFycyB0ZXN0IGtleSkgPHRlc3RAZXhhbXBs
+ZS5jb20+iHkEExYIACEFAlZRKrYCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AA
+CgkQwpMeCF4HXjyxtgEAxmmlxwpOh3ucLBhLfUqh/N/0fQtBsM/J9AiPgkz2+GMA
+/R4Y+p6sLx1r8gRndsz5IB6GC38ye11IAW50MosP8fwI
+=u2XW
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/src/clojars/promote.clj b/src/clojars/promote.clj
@@ -12,7 +12,7 @@
             [clj-pgp.signature :as pgp-sig])
   (:import (java.util.concurrent LinkedBlockingQueue)
            (org.springframework.aws.maven SimpleStorageServiceWagon)
-           (java.io File ByteArrayInputStream PrintWriter)
+           (java.io File ByteArrayInputStream PrintWriter IOException)
            (org.bouncycastle.openpgp PGPUtil PGPObjectFactory)
            (org.bouncycastle.bcpg ArmoredInputStream)))
 
@@ -48,7 +48,12 @@
         .nextObject
         .getPublicKeys
         iterator-seq)
-    (catch NullPointerException e)))
+    (catch NullPointerException _)
+    (catch IOException e
+      (throw (ex-info "Parsing keys failed"
+                      {:key-data s
+                       :reason (.getMessage e)}
+                      e)))))
 
 (defn file-for [group artifact version extension]
   (let [filename (format "%s-%s.%s" artifact version extension)]
@@ -74,10 +79,14 @@
 (defn signed? [blockers file keys]
   (let [sig-file (str file ".asc")]
     (if (.exists (io/file sig-file))
-      (if (signed-with? file sig-file keys)
-        blockers
-        (conj blockers (str "Could not verify signature of " file "."
-                            " Ensure your public key is in your profile.")))
+      (try
+        (if (signed-with? file sig-file keys)
+          blockers
+          (conj blockers (str "Could not verify signature of " file "."
+                           " Ensure your public key is in your profile.")))
+        (catch clojure.lang.ExceptionInfo e
+          (conj blockers (format "Could not verify signature of %s: %s"
+                          file (-> e ex-data :reason)))))
       (conj blockers (str file " is not signed.")))))
 
 (defn unpromoted? [blockers db {:keys [group name version]}]

diff --git a/test/clojars/test/unit/promote.clj b/test/clojars/test/unit/promote.clj
@@ -65,6 +65,22 @@
          (blockers help/*db*
                    {:group "robert" :name "hooke" :version "1.1.2"}))))
 
+(deftest test-unknown-key-type
+  (copy-resource "1.1.2")
+  (io/copy "dummy hooke jar file"
+           (file-for "robert" "hooke" "1.1.2" "jar"))
+  (copy-resource "1.1.2" "jar.asc")
+  (copy-resource "1.1.2" "pom.asc")
+  (db/add-user help/*db* "[email protected]" "testuser" "password"
+               (slurp (io/resource "curve25519.key")))
+  (db/add-member help/*db* "robert" "testuser" nil)
+  (is (= (str "Could not verify signature of "
+              (config :repo) "/robert/hooke/1.1.2/hooke-1.1.2.jar: "
+              "unknown PGP public key algorithm encountered")
+         (first
+           (blockers help/*db*
+                     {:group "robert" :name "hooke" :version "1.1.2"})))))
+
 (deftest test-no-key
   (copy-resource "1.1.2")
   (io/copy "dummy hooke jar file corrupted"