[Bug] Fix InstallPluginCommand to use proper key signatures (#1233)
The public key has changed since the initial release. This commit fixes the public key and uses the .sig files that are published to the artifacts site. Signed-off-by: Nicholas Walter Knize <nknize@apache.org>
This commit is contained in:
Nick Knize
GitHub
parent
65abe4a45c
commit
aecc7bd005
|
|
@ -605,7 +605,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
|
|||
|
||||
/**
|
||||
* Verify the signature of the downloaded plugin ZIP. The signature is obtained from the source of the downloaded plugin by appending
|
||||
* ".asc" to the URL. It is expected that the plugin is signed with the OpenSearch signing key with ID 0934A65836A51424.
|
||||
* ".sig" to the URL. It is expected that the plugin is signed with the OpenSearch signing key with ID C2EE2AF6542C03B4.
|
||||
*
|
||||
* @param zip the path to the downloaded plugin ZIP
|
||||
* @param urlString the URL source of the downloade plugin ZIP
|
||||
|
|
@ -613,13 +613,13 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
|
|||
* @throws PGPException if the PGP implementation throws an internal exception during verification
|
||||
*/
|
||||
void verifySignature(final Path zip, final String urlString) throws IOException, PGPException {
|
||||
final String ascUrlString = urlString + ".asc";
|
||||
final URL ascUrl = openUrl(ascUrlString);
|
||||
final String sigUrlString = urlString + ".sig";
|
||||
final URL sigUrl = openUrl(sigUrlString);
|
||||
try (
|
||||
// fin is a file stream over the downloaded plugin zip whose signature to verify
|
||||
InputStream fin = pluginZipInputStream(zip);
|
||||
// sin is a URL stream to the signature corresponding to the downloaded plugin zip
|
||||
InputStream sin = urlOpenStream(ascUrl);
|
||||
InputStream sin = urlOpenStream(sigUrl);
|
||||
// ain is a input stream to the public key in ASCII-Armor format (RFC4880)
|
||||
InputStream ain = new ArmoredInputStream(getPublicKey())
|
||||
) {
|
||||
|
|
@ -666,7 +666,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
|
|||
* @return the public key ID
|
||||
*/
|
||||
String getPublicKeyId() {
|
||||
return "0934A65836A51424";
|
||||
return "C2EE2AF6542C03B4";
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -675,7 +675,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
|
|||
* @return an input stream to the public key
|
||||
*/
|
||||
InputStream getPublicKey() {
|
||||
return InstallPluginCommand.class.getResourceAsStream("/public_key.asc");
|
||||
return InstallPluginCommand.class.getResourceAsStream("/public_key.sig");
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,52 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGBwjWYBEACnC74/w8EMzbdAcOLJeJoQLcu/hcKlco9xAmRgRRsog5Uj3YVl
|
||||
bFqmS8gzP/70jZtnJUgK0e6mm34kwutoOU+rTqKWa0bZuGeMvvwwDmki3DBsL+zb
|
||||
5QABJbmGLcMAr/dM9AzNJMfzzupYg9LttpiSuZwEn6cAIEYHKPcDXNVc4dQGdaaK
|
||||
kKNHmdKbc4r3P2KE5Tqwu3jlAMduRWAGkOCcOloHSvYE3WferIZevjOK/Jf1Zj0F
|
||||
Z5yWEf9l6iNbkvr4ugfQfgoiO48JQBCfvAPTw1qU4nODch47tZsFUfsqu8xUMc0P
|
||||
IGwamIk3q867nGNj7dlR1ZJrMPjvykiw/UY3HQuKHBDMRrY/+eTSXFCSBPEhuCPv
|
||||
DltLTH5EAHLKRiRUUNXCnV9x3Yj9ddUXWwiJs6yArlVA2ehQjE+GUqNT/5AkFRWd
|
||||
WB2g5IYy8uGDvxHo7tGnsod+fHAsiJs2E1pOfO/xTqfLurbNJyEnvMZzdDLxNgRg
|
||||
zlwJaHhsFSlt00BfES20Zh1bNn4w+5ElxDq9VCyxvoxx99vgHgzfi0HSRtiZ84Ip
|
||||
7zGws+9+QWWcrZ+rtPMz1a5n2z6XfedOVcn7Sq2MT4onTGqSgHzgPTQmKcgpLnyC
|
||||
m5u0+J0FfHCa6IMJrlwZGmPU75tc+gUatroyFxoL08Mpth3R+MeyQQ8OaQARAQAB
|
||||
tEJPcGVuU2VhcmNoIEluZmEgKFBMVUdJTiBTSUdOSU5HIEtFWSkgPG9wZW5zZWFy
|
||||
Y2gtaW5mcmFAYW1hem9uLmNvbT6JAk4EEwEKADgWIQQQ+wo+rWCUFm3VWzgJNKZY
|
||||
NqUUJAUCYHCNZgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAJNKZYNqUU
|
||||
JJuxD/4kHrIdFaX442ORqrcjGbSDY3aHdPu5qGtQ3qw3YR20W4/ycCBNwXtWUJTp
|
||||
SYIx3vnK0kTU4ExtQPsMIRGcbou077npknN5VVrhwC83lBsJoKnwaPQ+PmJlSsPB
|
||||
0FiZIRYXdZUcmAowCmXH6rjJi/ZugFbfchWn3vBB5Pq4R8zyW5E/Xhkjf7DWGG7C
|
||||
Cwje3xvE6wLZuTnMfnyhy9QTReNz3fu2Vk/cORG/uhCF/ijWK2CvlMvs/uJ4u5/m
|
||||
vs2HqjnVQJWzXwarqGnCBjY5UOy8ttMWKD2K43oo26hA51MijhYTMz+id85lfdoP
|
||||
H8sxf01Y3pEb36HuM82zu/Ex3yz17/IJnfUhD+95pnV14OOKp24nr7xOmg/C82/+
|
||||
yBg/yfqyjgLSss66Sg11VCK8pUL0grV2OY+JSipGJDnmoTKY2hpmHOPFribzdszS
|
||||
y1P+t+AZi0AmDE4kJdAEt7i9lmdxRuTNKzX8smvdKFaxY23/CKiyBEoYf6OCGlF1
|
||||
12y5emciafXXV3SevXG6VmaIFtOiZZXE73cJNmz+x+Xq9zCNcYHWs5v2aYsyDQQg
|
||||
ouRr2ASrdPiUODKc1jyu9pKf8KftABmUs2RMhCNT4Iy1T7xi/ieumIS8+HDpQ53z
|
||||
Gc+simY7IyPN4exsKAmYlgNhBXRFR4Q7JBA8TRJh7Hc+QbdWk7kCDQRgcI1mARAA
|
||||
onRtsEuZhVEtW0Nq/Mioz/yK2ekxjND5padf2iUy9wHHL/eFqD2w5z/H233BKQwq
|
||||
tPNpcyWDuY+QFCkvNac3cYoBreXLnswIPuQvFK3Z5wysXT/px6gdKR+5kJpjd+f+
|
||||
FxTpsDiinktAotDdzicq2mUsyq6+cCFA+odby/QRaFnOplxUtCYMLhk3uoLnrU5Q
|
||||
DxacjXt8rqoT5OCnEXNjD5rmMawQi/Vdz+pOv0ukWpzGffT2cUvxvS4fVt0tNtzx
|
||||
55zvREweDen3X60ixKyugSnKkLu6s/Ow79qlScWGFUr2lFfmb8qtfGaMSADFrM5R
|
||||
3gN2uojyBAqPtdd8YVkM5WgGBjP4lbIosuT/c+V0WX62HpEBNZdkxrefw972de+4
|
||||
aKOdX7I/5xUwDsODtStCh7FaR+h/vR6EieRuFFwwm9AFV0A/MlhFT7n+XfPFykYr
|
||||
O6gd1AMrmxC0E9CdBW2TZZPlWLmh9YPt64DQHjWyXUJX8RTI5+3FwG8LqR+oZD3Z
|
||||
O7/3PuQ6HcZTQXjviBrc2pree07rDpR8XDVPAuAA+vhQyAh6fDp9POkNV64UoC27
|
||||
WYW57VdiYvPRO2W80GqFza2kh5o4TfOkfKrqgBJSBy2uLHMsHwic5GtUiktrtu1g
|
||||
rw3vnJ3fBYb4DyUmS0aHvRSoxZNjz3548Ywez55fqfsAEQEAAYkCNgQYAQoAIBYh
|
||||
BBD7Cj6tYJQWbdVbOAk0plg2pRQkBQJgcI1mAhsMAAoJEAk0plg2pRQkVugQAJKA
|
||||
yxvmMAqybN7LAfwYsu9oHum77VLctC3wIno8OOiTqAHA56/QJv2MdrffPYlDlXQO
|
||||
Ooewv/wGUsxHVcb8i5v1SEepRBExgYWKZFba3ygkK3gk6Mdj0B8QU2M9/jqeNtMZ
|
||||
X9tsWBISDtvJfGebxBCdfmHCgBE/K5IdvbYKLGGvXwJMYS32NRuBxVT4mtCIB9/x
|
||||
Lt998XADLpFrlvyyXtrurkrNsWxjj2A7f29Lgv3MJ69gA4dafuaC5v2a7lOphP90
|
||||
neefWFr+qesidfXSfxiUtG3HcX3qsq8hhok/qg095E4KxIMc4HVk1Rc4SnU4Tbjj
|
||||
O6Jopg21S+lHNfmIhcRlFUx6rHKNy6jE6B8bcTWvPwqnLYw+HUlCQj5as6xXZyN6
|
||||
gwArL+lGhoB65eviQNqpY3z90BB/8oXWr43jCY3hy72VONHKfy9qDpC7xOoy5DzL
|
||||
D5369eKSLgAZVyKFu94heFGfemHyailzZ5eJ68BBUNpI1a4zMOgMGZuKvHN2oRl5
|
||||
t5y+Z3Zy7wAJbUB4vP188STVo9s03BcM6GAY6UMOdQm8xFYFkeSNLjaknLGv3cHT
|
||||
mTElvSomdXC0GZDcKjs5zoQ+gYNpOXtT/CkuI4c5ZAPo+gHb+NUGFvEuRpHbVkn+
|
||||
n4zYXrhUj6LgWM1NNfD6KS3ckWcN9XPHokvT3op8
|
||||
=w4j8
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGCa8OoBEADPB4ULnunicJnz+QeANNMQ5FoaVx7ImHBpLwn4Dmgc189JukZO
|
||||
WWbJw+fMp4LQRJN78NJQsgmVhyF8jjpqTsznsxK55qymiTaazekh3wXhKXVRhEfB
|
||||
kA1SYV/Aw+ZSgmbPquZftsRVUwHMD6PW+XODyQlAKeGi7wmG4Wjcn3XTJpr90Axf
|
||||
kMRV/j0ZpNp+wGUm9nJMtPOIQGu3oMDWtLjxdfFdtC9O/ZrnOueeeO/jl4y3ZQCF
|
||||
+Z//5ObxAw/yG0/70X31HKyua3p0QAqa74nobw2ttYfgJg0kN5mdf8BmxifmA4zU
|
||||
uMUcFhc5WbKcA2JT7iaDSSmlz1sjtx7xmWhHzSZNoAi0b/xAIfPa3bknA6ENhGNR
|
||||
0m/0u2rRyoa8L1nYn4d+FlptzaY81LMz4kY0yWE4L3oBGR82ySAVDP/MRpgyDGYF
|
||||
HuEsuPT3QlWm0zUgrzWf9xbporhUv/+9eDvagfLrWUauYYpXAOrVEEhRueQGqDVa
|
||||
1zku3lsdWsH8D2SL1cGqX4Ryb2Hi1+uhM1k20lx8fkoE5oF4v4ap5hd/QtA5VS+C
|
||||
KYT+iJmI8lXbERxnPTI46hOqnVUqAM0U2UKxVyRk3NAJaX8oz3SIo0Zrl7piYdSK
|
||||
qCLka9YiQur5oHEXUmGIDwGUSTbbqC92Ni5Crl+aeA8ApOwf19UJt2V0WQARAQAB
|
||||
tCpPcGVuU2VhcmNoIHByb2plY3QgPG9wZW5zZWFyY2hAYW1hem9uLmNvbT6JAjkE
|
||||
EwECACMFAmCa8OoCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRA50xmH
|
||||
kxDT/KBhD/4kvP5eezzBYk+JXfi0JODIiBVTIYMF0rie7RsLmCULf+MdJeuxC0ST
|
||||
rGEKp+sP3kb1n+ugGlQtvh3R23YHPWXlE7UWpvYV4Nc0vPA5ySnLXdxIFyZrbIvC
|
||||
hHqSESuTKm5mRYckMkb3qg7f22zPw3Y3ckM+f3GAnfB2RAxHal1WlqhMTnNG7QNF
|
||||
XLiLbe225KDyLWEkrrm6mFV/PCFufSRWBtInIOxHZqokdT68b4w2o3Tdz16btEhJ
|
||||
KTlBcFmNcL03SqAccTZXkfeCMoP91lFao6WJL2Zfo+CfWW6K2N3NsV5UDGufMSDK
|
||||
RyhsuXtl47SvnYSHGN2pxbi0q3BmtBrqyALuJ4ThVKugqtRk4OvQ1Vxr2DwKnD+s
|
||||
gQmg07SZF5JL9jZV6vIntMW4eKq7vmCo9mZEktKtZdMDBM+hGwjvDp5WGEAOGe6g
|
||||
ZG0mwHhhDFchD+5Vky6EkafBlu+aa45yQ9UO6LXat0XgE+Qg/gLajOkSMQnwUSYw
|
||||
OeyyrvyeRW/NjXYD8Y15TkXPnDXjE9cMijamFGv3Ogf8Z+Xy0LAW+WpDQq4xjXj7
|
||||
mIgzC44C8U1Ji14gugk1aE3T34a9KAr7P42Fp1M8NZuE0wWuKJd3e/VXqOUvjVFt
|
||||
enko6tTFLg2yidvNk3iR7j2XIdB3+SapDmbSCp01D79bVkiWQB1rwrkBDQRgmvLg
|
||||
AQgAx3MTWZRG12qIGlY25QYYta74TA52aa2mQuy9e7Rf4GxHxTr99lwK0UYVDg9M
|
||||
XY8ry/BvOh4O+5HWWlIgMfeEIL4BF6r2DROoRx5LyENtMmMNLw9sKTDftmZUq2ci
|
||||
4mqN9GqnbKd+ppKRvkR+D1nQ3gyXKvkv9PuEWdGpUwwoqa/55PeU5Fyt/Qnf4Hnh
|
||||
kXrYovRqQlpJWQCVNdumXczMRKCJLBuwGoAFCdm3zHHV8dLVKt6ioV0OSBFtOiq/
|
||||
Lcb6sE/WSt+TDhMG14Lie4OM0iV/V+EtT/ENlhAY8ViVvbWe+8eH/iQGcc92lQmr
|
||||
CwpKB42DYvvo2R03/9IYJ0ls3QARAQABiQNEBBgBAgAPBQJgmvLgAhsCBQkB4TOA
|
||||
ASkJEDnTGYeTENP8wF0gBBkBAgAGBQJgmvLgAAoJEMLuKvZULAO0w5cH/1qvMK9r
|
||||
W9voJR6vA4OMmganK+W28noRyJlWFZ9Rt/5Wdb3zPIV53p+aR9DIso2mI1JpaonD
|
||||
9r+slKglu7ZoHCqnD55sdTl27SBpFblSQqHUQGKwpvIYMH+jj6NIgRkPDhe+YSVo
|
||||
xVQS5fexN2vuzAsYGdewtAvx3T8a/Py0kVC7VSLiJjLJdF1lFAF6RWI/AWrpjh/c
|
||||
fXUU1ZdKbJNruyv43rJka6Rj4rZ6qSTKj71+Pu7IYbu3lRj2SfBOrMIdCiltIo/N
|
||||
65RVwIies/9/intR44h1QrYPujQdMwMreKKv/LhI0u/JNNDK1kTzf2cGl0nYLV1c
|
||||
7Bx0BIWeYUrEVcG+Sg//SNGWG7klaLtifTg6UxHkgRkXajDCTATppCL45Lz9hPD4
|
||||
+SgroZnWEWAordqBKHVGVE2d3kyo0Nz7dh7OVAkyV4/QReHaD0+LqnbgRhuiAFHi
|
||||
QwAl+jXQopAFD2MUX1LskelmqSLV4b1aUN4jnGiyhsuEvp2AiTEvrx4KqcxJE88B
|
||||
f2jstY7+PxKQEFLOpzH4A8hiU9hsrhW8K0ymxyTTNPHpUAkl6qE7nFFAemcr8HWw
|
||||
F30Iut2tLa5haeJTTj+xXI52dUEnertlpewLcl1AKTUedNsFbSgzg6glh9/NyNB7
|
||||
XrKDk/yPABEpDkrPVPcHCVLCm1Ya4ro6esp18i+wDWeBFaOuK/NM1pgyy/RXsCFr
|
||||
mhAA0I1QCldD1oTv2F5MMlVT5TqcJC54martiVHhKs/4yylR5IutDniZ458VqAH+
|
||||
1B0WDoJC58lGcUHai4o4hxhVwdBGoxz4UoTUX80N5wB/0esf02H8aBwuGh0VMen8
|
||||
my8hu3OnqfyScab9j6TB+tnfFM7pa8vJ9nZeDn2oHyYj9T22NYa1FYRkK40wzylo
|
||||
IU/Nmemh0/JXnpEe7b5qrGyC3M2VhXs2vnX+LaKWTFFLHgB6Yt5LbRYDiRApcuRF
|
||||
SwThr6EACG9HRPr76uRLE6Wkifn7NrIRbD3nrAzdxNLHBIK+veTVDQOGoxf7jOU=
|
||||
=4bMD
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -935,8 +935,8 @@ public class InstallPluginCommandTests extends OpenSearchTestCase {
|
|||
String checksum = shaCalculator.apply(zipbytes);
|
||||
Files.write(shaFile, checksum.getBytes(StandardCharsets.UTF_8));
|
||||
return shaFile.toUri().toURL();
|
||||
} else if ((url + ".asc").equals(urlString)) {
|
||||
final Path ascFile = temp.apply("asc").resolve("downloaded.zip" + ".asc");
|
||||
} else if ((url + ".sig").equals(urlString)) {
|
||||
final Path ascFile = temp.apply("sig").resolve("downloaded.zip" + ".sig");
|
||||
final byte[] zipBytes = Files.readAllBytes(pluginZip);
|
||||
final String asc = signature.apply(zipBytes, secretKey);
|
||||
Files.write(ascFile, asc.getBytes(StandardCharsets.UTF_8));
|
||||
|
|
|
|||
Loading…
Reference in New Issue