From aecc7bd005544d79c6524960a32984926ba6718a Mon Sep 17 00:00:00 2001
From: Nick Knize
Date: Fri, 10 Sep 2021 16:58:31 -0500
Subject: [PATCH] [Bug] Fix InstallPluginCommand to use proper key signatures (#1233)
The public key has changed since the initial release. This commit fixes the public key and uses the .sig files that are published to the artifacts site.
Signed-off-by: Nicholas Walter Knize
---
 .../plugins/InstallPluginCommand.java | 12 ++---
 .../src/main/resources/public_key.asc | 52 -------------------
 .../src/main/resources/public_key.sig | 51 ++++++++++++++++++
 .../plugins/InstallPluginCommandTests.java | 4 +-
 4 files changed, 59 insertions(+), 60 deletions(-)
 delete mode 100644 distribution/tools/plugin-cli/src/main/resources/public_key.asc
 create mode 100644 distribution/tools/plugin-cli/src/main/resources/public_key.sig
diff --git a/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/InstallPluginCommand.java b/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/InstallPluginCommand.java
index 0f9ff212609..b404614ca43 100644
--- a/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/InstallPluginCommand.java
+++ b/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/InstallPluginCommand.java
@@ -605,7 +605,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
 /**
 * Verify the signature of the downloaded plugin ZIP. The signature is obtained from the source of the downloaded plugin by appending
- * ".asc" to the URL. It is expected that the plugin is signed with the OpenSearch signing key with ID 0934A65836A51424.
+ * ".sig" to the URL. It is expected that the plugin is signed with the OpenSearch signing key with ID C2EE2AF6542C03B4.
 *
 * @param zip the path to the downloaded plugin ZIP
 * @param urlString the URL source of the downloade plugin ZIP
@@ -613,13 +613,13 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
 * @throws PGPException if the PGP implementation throws an internal exception during verification
 */
 void verifySignature(final Path zip, final String urlString) throws IOException, PGPException {
- final String ascUrlString = urlString + ".asc";
- final URL ascUrl = openUrl(ascUrlString);
+ final String sigUrlString = urlString + ".sig";
+ final URL sigUrl = openUrl(sigUrlString);
 try (
 // fin is a file stream over the downloaded plugin zip whose signature to verify
 InputStream fin = pluginZipInputStream(zip);
 // sin is a URL stream to the signature corresponding to the downloaded plugin zip
- InputStream sin = urlOpenStream(ascUrl);
+ InputStream sin = urlOpenStream(sigUrl);
 // ain is a input stream to the public key in ASCII-Armor format (RFC4880)
 InputStream ain = new ArmoredInputStream(getPublicKey())
 ) {
@@ -666,7 +666,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
 * @return the public key ID
 */
 String getPublicKeyId() {
- return "0934A65836A51424";
+ return "C2EE2AF6542C03B4";
 }
 /**
@@ -675,7 +675,7 @@ class InstallPluginCommand extends EnvironmentAwareCommand {
 * @return an input stream to the public key
 */
 InputStream getPublicKey() {
- return InstallPluginCommand.class.getResourceAsStream("/public_key.asc");
+ return InstallPluginCommand.class.getResourceAsStream("/public_key.sig");
 }
 /**
diff --git a/distribution/tools/plugin-cli/src/main/resources/public_key.asc b/distribution/tools/plugin-cli/src/main/resources/public_key.asc
deleted file mode 100644
index 7909907491b..00000000000
--- a/distribution/tools/plugin-cli/src/main/resources/public_key.asc
+++ /dev/null
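Review bot: The expected key ID is now written in three places that must agree: the literal returned by `getPublicKeyId()` in this hunk, the `verifySignature` Javadoc in the first hunk, and the key material in the bundled resource, and nothing visible in the commit ties them together. A mismatch would presumably surface only as a verification failure when a user installs a plugin. I would let the Javadoc refer to `{@link #getPublicKeyId()}` instead of repeating the ID, and add a comment above the return such as `// must match the signing key in the bundled public key resource; rotate both together`. A unit test that loads the stream from `getPublicKey()` and asserts that it contains a key with this ID would catch drift at the next rotation. The method's Javadoc starts outside the hunk.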
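Review bot: `public_key.sig` is a misleading name for the resource loaded in `getPublicKey()`: the file this commit adds is an ASCII-armored `PGP PUBLIC KEY BLOCK`, while `.sig` is the suffix `verifySignature` now appends to fetch the detached signature. Keeping the resource name `public_key.asc` and changing only the URL suffix would avoid readers confusing the trust anchor with a signature file. Separately, `getResourceAsStream` returns null when the resource is absent, so a packaging mistake would likely show up as a NullPointerException from `new ArmoredInputStream(getPublicKey())`; `return Objects.requireNonNull(InstallPluginCommand.class.getResourceAsStream("/public_key.sig"), "bundled public key resource not found");` fails with a clear message instead (needs `java.util.Objects` if not already imported). The method's Javadoc starts outside the hunk.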
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGBwjWYBEACnC74/w8EMzbdAcOLJeJoQLcu/hcKlco9xAmRgRRsog5Uj3YVl -bFqmS8gzP/70jZtnJUgK0e6mm34kwutoOU+rTqKWa0bZuGeMvvwwDmki3DBsL+zb -5QABJbmGLcMAr/dM9AzNJMfzzupYg9LttpiSuZwEn6cAIEYHKPcDXNVc4dQGdaaK -kKNHmdKbc4r3P2KE5Tqwu3jlAMduRWAGkOCcOloHSvYE3WferIZevjOK/Jf1Zj0F -Z5yWEf9l6iNbkvr4ugfQfgoiO48JQBCfvAPTw1qU4nODch47tZsFUfsqu8xUMc0P -IGwamIk3q867nGNj7dlR1ZJrMPjvykiw/UY3HQuKHBDMRrY/+eTSXFCSBPEhuCPv -DltLTH5EAHLKRiRUUNXCnV9x3Yj9ddUXWwiJs6yArlVA2ehQjE+GUqNT/5AkFRWd -WB2g5IYy8uGDvxHo7tGnsod+fHAsiJs2E1pOfO/xTqfLurbNJyEnvMZzdDLxNgRg -zlwJaHhsFSlt00BfES20Zh1bNn4w+5ElxDq9VCyxvoxx99vgHgzfi0HSRtiZ84Ip -7zGws+9+QWWcrZ+rtPMz1a5n2z6XfedOVcn7Sq2MT4onTGqSgHzgPTQmKcgpLnyC -m5u0+J0FfHCa6IMJrlwZGmPU75tc+gUatroyFxoL08Mpth3R+MeyQQ8OaQARAQAB -tEJPcGVuU2VhcmNoIEluZmEgKFBMVUdJTiBTSUdOSU5HIEtFWSkgPG9wZW5zZWFy -Y2gtaW5mcmFAYW1hem9uLmNvbT6JAk4EEwEKADgWIQQQ+wo+rWCUFm3VWzgJNKZY -NqUUJAUCYHCNZgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAJNKZYNqUU -JJuxD/4kHrIdFaX442ORqrcjGbSDY3aHdPu5qGtQ3qw3YR20W4/ycCBNwXtWUJTp -SYIx3vnK0kTU4ExtQPsMIRGcbou077npknN5VVrhwC83lBsJoKnwaPQ+PmJlSsPB -0FiZIRYXdZUcmAowCmXH6rjJi/ZugFbfchWn3vBB5Pq4R8zyW5E/Xhkjf7DWGG7C -Cwje3xvE6wLZuTnMfnyhy9QTReNz3fu2Vk/cORG/uhCF/ijWK2CvlMvs/uJ4u5/m -vs2HqjnVQJWzXwarqGnCBjY5UOy8ttMWKD2K43oo26hA51MijhYTMz+id85lfdoP -H8sxf01Y3pEb36HuM82zu/Ex3yz17/IJnfUhD+95pnV14OOKp24nr7xOmg/C82/+ -yBg/yfqyjgLSss66Sg11VCK8pUL0grV2OY+JSipGJDnmoTKY2hpmHOPFribzdszS -y1P+t+AZi0AmDE4kJdAEt7i9lmdxRuTNKzX8smvdKFaxY23/CKiyBEoYf6OCGlF1 -12y5emciafXXV3SevXG6VmaIFtOiZZXE73cJNmz+x+Xq9zCNcYHWs5v2aYsyDQQg -ouRr2ASrdPiUODKc1jyu9pKf8KftABmUs2RMhCNT4Iy1T7xi/ieumIS8+HDpQ53z -Gc+simY7IyPN4exsKAmYlgNhBXRFR4Q7JBA8TRJh7Hc+QbdWk7kCDQRgcI1mARAA -onRtsEuZhVEtW0Nq/Mioz/yK2ekxjND5padf2iUy9wHHL/eFqD2w5z/H233BKQwq -tPNpcyWDuY+QFCkvNac3cYoBreXLnswIPuQvFK3Z5wysXT/px6gdKR+5kJpjd+f+ -FxTpsDiinktAotDdzicq2mUsyq6+cCFA+odby/QRaFnOplxUtCYMLhk3uoLnrU5Q -DxacjXt8rqoT5OCnEXNjD5rmMawQi/Vdz+pOv0ukWpzGffT2cUvxvS4fVt0tNtzx 
-55zvREweDen3X60ixKyugSnKkLu6s/Ow79qlScWGFUr2lFfmb8qtfGaMSADFrM5R -3gN2uojyBAqPtdd8YVkM5WgGBjP4lbIosuT/c+V0WX62HpEBNZdkxrefw972de+4 -aKOdX7I/5xUwDsODtStCh7FaR+h/vR6EieRuFFwwm9AFV0A/MlhFT7n+XfPFykYr -O6gd1AMrmxC0E9CdBW2TZZPlWLmh9YPt64DQHjWyXUJX8RTI5+3FwG8LqR+oZD3Z -O7/3PuQ6HcZTQXjviBrc2pree07rDpR8XDVPAuAA+vhQyAh6fDp9POkNV64UoC27 -WYW57VdiYvPRO2W80GqFza2kh5o4TfOkfKrqgBJSBy2uLHMsHwic5GtUiktrtu1g -rw3vnJ3fBYb4DyUmS0aHvRSoxZNjz3548Ywez55fqfsAEQEAAYkCNgQYAQoAIBYh -BBD7Cj6tYJQWbdVbOAk0plg2pRQkBQJgcI1mAhsMAAoJEAk0plg2pRQkVugQAJKA -yxvmMAqybN7LAfwYsu9oHum77VLctC3wIno8OOiTqAHA56/QJv2MdrffPYlDlXQO -Ooewv/wGUsxHVcb8i5v1SEepRBExgYWKZFba3ygkK3gk6Mdj0B8QU2M9/jqeNtMZ -X9tsWBISDtvJfGebxBCdfmHCgBE/K5IdvbYKLGGvXwJMYS32NRuBxVT4mtCIB9/x -Lt998XADLpFrlvyyXtrurkrNsWxjj2A7f29Lgv3MJ69gA4dafuaC5v2a7lOphP90 -neefWFr+qesidfXSfxiUtG3HcX3qsq8hhok/qg095E4KxIMc4HVk1Rc4SnU4Tbjj -O6Jopg21S+lHNfmIhcRlFUx6rHKNy6jE6B8bcTWvPwqnLYw+HUlCQj5as6xXZyN6 -gwArL+lGhoB65eviQNqpY3z90BB/8oXWr43jCY3hy72VONHKfy9qDpC7xOoy5DzL -D5369eKSLgAZVyKFu94heFGfemHyailzZ5eJ68BBUNpI1a4zMOgMGZuKvHN2oRl5 -t5y+Z3Zy7wAJbUB4vP188STVo9s03BcM6GAY6UMOdQm8xFYFkeSNLjaknLGv3cHT -mTElvSomdXC0GZDcKjs5zoQ+gYNpOXtT/CkuI4c5ZAPo+gHb+NUGFvEuRpHbVkn+ -n4zYXrhUj6LgWM1NNfD6KS3ckWcN9XPHokvT3op8 -=w4j8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/distribution/tools/plugin-cli/src/main/resources/public_key.sig b/distribution/tools/plugin-cli/src/main/resources/public_key.sig new file mode 100644 index 00000000000..405bdda6e42 --- /dev/null +++ b/distribution/tools/plugin-cli/src/main/resources/public_key.sig 
@@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCa8OoBEADPB4ULnunicJnz+QeANNMQ5FoaVx7ImHBpLwn4Dmgc189JukZO +WWbJw+fMp4LQRJN78NJQsgmVhyF8jjpqTsznsxK55qymiTaazekh3wXhKXVRhEfB +kA1SYV/Aw+ZSgmbPquZftsRVUwHMD6PW+XODyQlAKeGi7wmG4Wjcn3XTJpr90Axf +kMRV/j0ZpNp+wGUm9nJMtPOIQGu3oMDWtLjxdfFdtC9O/ZrnOueeeO/jl4y3ZQCF ++Z//5ObxAw/yG0/70X31HKyua3p0QAqa74nobw2ttYfgJg0kN5mdf8BmxifmA4zU +uMUcFhc5WbKcA2JT7iaDSSmlz1sjtx7xmWhHzSZNoAi0b/xAIfPa3bknA6ENhGNR +0m/0u2rRyoa8L1nYn4d+FlptzaY81LMz4kY0yWE4L3oBGR82ySAVDP/MRpgyDGYF +HuEsuPT3QlWm0zUgrzWf9xbporhUv/+9eDvagfLrWUauYYpXAOrVEEhRueQGqDVa +1zku3lsdWsH8D2SL1cGqX4Ryb2Hi1+uhM1k20lx8fkoE5oF4v4ap5hd/QtA5VS+C +KYT+iJmI8lXbERxnPTI46hOqnVUqAM0U2UKxVyRk3NAJaX8oz3SIo0Zrl7piYdSK +qCLka9YiQur5oHEXUmGIDwGUSTbbqC92Ni5Crl+aeA8ApOwf19UJt2V0WQARAQAB +tCpPcGVuU2VhcmNoIHByb2plY3QgPG9wZW5zZWFyY2hAYW1hem9uLmNvbT6JAjkE +EwECACMFAmCa8OoCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRA50xmH +kxDT/KBhD/4kvP5eezzBYk+JXfi0JODIiBVTIYMF0rie7RsLmCULf+MdJeuxC0ST +rGEKp+sP3kb1n+ugGlQtvh3R23YHPWXlE7UWpvYV4Nc0vPA5ySnLXdxIFyZrbIvC +hHqSESuTKm5mRYckMkb3qg7f22zPw3Y3ckM+f3GAnfB2RAxHal1WlqhMTnNG7QNF +XLiLbe225KDyLWEkrrm6mFV/PCFufSRWBtInIOxHZqokdT68b4w2o3Tdz16btEhJ +KTlBcFmNcL03SqAccTZXkfeCMoP91lFao6WJL2Zfo+CfWW6K2N3NsV5UDGufMSDK +RyhsuXtl47SvnYSHGN2pxbi0q3BmtBrqyALuJ4ThVKugqtRk4OvQ1Vxr2DwKnD+s +gQmg07SZF5JL9jZV6vIntMW4eKq7vmCo9mZEktKtZdMDBM+hGwjvDp5WGEAOGe6g +ZG0mwHhhDFchD+5Vky6EkafBlu+aa45yQ9UO6LXat0XgE+Qg/gLajOkSMQnwUSYw +OeyyrvyeRW/NjXYD8Y15TkXPnDXjE9cMijamFGv3Ogf8Z+Xy0LAW+WpDQq4xjXj7 +mIgzC44C8U1Ji14gugk1aE3T34a9KAr7P42Fp1M8NZuE0wWuKJd3e/VXqOUvjVFt +enko6tTFLg2yidvNk3iR7j2XIdB3+SapDmbSCp01D79bVkiWQB1rwrkBDQRgmvLg +AQgAx3MTWZRG12qIGlY25QYYta74TA52aa2mQuy9e7Rf4GxHxTr99lwK0UYVDg9M +XY8ry/BvOh4O+5HWWlIgMfeEIL4BF6r2DROoRx5LyENtMmMNLw9sKTDftmZUq2ci +4mqN9GqnbKd+ppKRvkR+D1nQ3gyXKvkv9PuEWdGpUwwoqa/55PeU5Fyt/Qnf4Hnh +kXrYovRqQlpJWQCVNdumXczMRKCJLBuwGoAFCdm3zHHV8dLVKt6ioV0OSBFtOiq/ +Lcb6sE/WSt+TDhMG14Lie4OM0iV/V+EtT/ENlhAY8ViVvbWe+8eH/iQGcc92lQmr 
+CwpKB42DYvvo2R03/9IYJ0ls3QARAQABiQNEBBgBAgAPBQJgmvLgAhsCBQkB4TOA +ASkJEDnTGYeTENP8wF0gBBkBAgAGBQJgmvLgAAoJEMLuKvZULAO0w5cH/1qvMK9r +W9voJR6vA4OMmganK+W28noRyJlWFZ9Rt/5Wdb3zPIV53p+aR9DIso2mI1JpaonD +9r+slKglu7ZoHCqnD55sdTl27SBpFblSQqHUQGKwpvIYMH+jj6NIgRkPDhe+YSVo +xVQS5fexN2vuzAsYGdewtAvx3T8a/Py0kVC7VSLiJjLJdF1lFAF6RWI/AWrpjh/c +fXUU1ZdKbJNruyv43rJka6Rj4rZ6qSTKj71+Pu7IYbu3lRj2SfBOrMIdCiltIo/N +65RVwIies/9/intR44h1QrYPujQdMwMreKKv/LhI0u/JNNDK1kTzf2cGl0nYLV1c +7Bx0BIWeYUrEVcG+Sg//SNGWG7klaLtifTg6UxHkgRkXajDCTATppCL45Lz9hPD4 ++SgroZnWEWAordqBKHVGVE2d3kyo0Nz7dh7OVAkyV4/QReHaD0+LqnbgRhuiAFHi +QwAl+jXQopAFD2MUX1LskelmqSLV4b1aUN4jnGiyhsuEvp2AiTEvrx4KqcxJE88B +f2jstY7+PxKQEFLOpzH4A8hiU9hsrhW8K0ymxyTTNPHpUAkl6qE7nFFAemcr8HWw +F30Iut2tLa5haeJTTj+xXI52dUEnertlpewLcl1AKTUedNsFbSgzg6glh9/NyNB7 +XrKDk/yPABEpDkrPVPcHCVLCm1Ya4ro6esp18i+wDWeBFaOuK/NM1pgyy/RXsCFr +mhAA0I1QCldD1oTv2F5MMlVT5TqcJC54martiVHhKs/4yylR5IutDniZ458VqAH+ +1B0WDoJC58lGcUHai4o4hxhVwdBGoxz4UoTUX80N5wB/0esf02H8aBwuGh0VMen8 +my8hu3OnqfyScab9j6TB+tnfFM7pa8vJ9nZeDn2oHyYj9T22NYa1FYRkK40wzylo +IU/Nmemh0/JXnpEe7b5qrGyC3M2VhXs2vnX+LaKWTFFLHgB6Yt5LbRYDiRApcuRF +SwThr6EACG9HRPr76uRLE6Wkifn7NrIRbD3nrAzdxNLHBIK+veTVDQOGoxf7jOU= +=4bMD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/distribution/tools/plugin-cli/src/test/java/org/opensearch/plugins/InstallPluginCommandTests.java b/distribution/tools/plugin-cli/src/test/java/org/opensearch/plugins/InstallPluginCommandTests.java index 7c462481292..a57050540a2 100644 --- a/distribution/tools/plugin-cli/src/test/java/org/opensearch/plugins/InstallPluginCommandTests.java +++ b/distribution/tools/plugin-cli/src/test/java/org/opensearch/plugins/InstallPluginCommandTests.java 
@@ -935,8 +935,8 @@ public class InstallPluginCommandTests extends OpenSearchTestCase {
 String checksum = shaCalculator.apply(zipbytes);
 Files.write(shaFile, checksum.getBytes(StandardCharsets.UTF_8));
 return shaFile.toUri().toURL();
- } else if ((url + ".asc").equals(urlString)) {
- final Path ascFile = temp.apply("asc").resolve("downloaded.zip" + ".asc");
+ } else if ((url + ".sig").equals(urlString)) {
+ final Path ascFile = temp.apply("sig").resolve("downloaded.zip" + ".sig");
 final byte[] zipBytes = Files.readAllBytes(pluginZip);
 final String asc = signature.apply(zipBytes, secretKey);
 Files.write(ascFile, asc.getBytes(StandardCharsets.UTF_8));
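Review bot: The locals `ascFile` and `asc` keep their old names although this branch now serves the `.sig` URL, so the helper reads as if it still produced `.asc` files. Renaming them, e.g. `final Path sigFile = temp.apply("sig").resolve("downloaded.zip" + ".sig");` and `final String sig = signature.apply(zipBytes, secretKey);`, would match the production rename to `sigUrlString`/`sigUrl`. The enclosing method starts and ends outside the hunk, so any later use of `ascFile` would need the same rename.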