Add PREF_CONTRIBUTIONS_TRUST_ALL and download the signature in any case
parent
c3fdb10244
commit
df5a52407e
@ -37,6 +37,7 @@ public class Constants {
|
|||||||
public static final String PREF_REMOVE_PLACEHOLDER = "___REMOVE___";
|
public static final String PREF_REMOVE_PLACEHOLDER = "___REMOVE___";
|
||||||
public static final String PREF_BOARDS_MANAGER_ADDITIONAL_URLS = "boardsmanager.additional.urls";
|
public static final String PREF_BOARDS_MANAGER_ADDITIONAL_URLS = "boardsmanager.additional.urls";
|
||||||
public static final String PREF_CONTRIBUTIONS_TRUST_ALL = "contributions.trust.all";
|
public static final String PREF_CONTRIBUTIONS_TRUST_ALL = "contributions.trust.all";
|
||||||
|
public static final String ALLOW_INSECURE_PACKAGES = "allow_insecure_packages";
|
||||||
|
|
||||||
public static final String DEFAULT_INDEX_FILE_NAME = "package_index.json";
|
public static final String DEFAULT_INDEX_FILE_NAME = "package_index.json";
|
||||||
public static final String BUNDLED_INDEX_FILE_NAME = "package_index_bundled.json";
|
public static final String BUNDLED_INDEX_FILE_NAME = "package_index_bundled.json";
|
||||||
|
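Review bot: The added `ALLOW_INSECURE_PACKAGES` constant drops the `PREF_` prefix used by the neighbouring preference keys and has no comment, although the other files in this commit use it to switch off signature verification. A reader of Constants cannot tell it apart from a harmless UI preference. I would add a Javadoc line such as `/** Preference key: when true, package index signature verification is skipped. */` and, if `PREF_CONTRIBUTIONS_TRUST_ALL` has the same effect, say so next to it as well.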
@ -29,6 +29,7 @@
|
|||||||
|
|
||||||
package cc.arduino.contributions;
|
package cc.arduino.contributions;
|
||||||
|
|
||||||
|
import cc.arduino.Constants;
|
||||||
import cc.arduino.utils.FileHash;
|
import cc.arduino.utils.FileHash;
|
||||||
import cc.arduino.utils.MultiStepProgress;
|
import cc.arduino.utils.MultiStepProgress;
|
||||||
import cc.arduino.utils.Progress;
|
import cc.arduino.utils.Progress;
|
||||||
@ -199,11 +200,9 @@ public class DownloadableContributionsDownloader {
|
|||||||
public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception {
|
public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception {
|
||||||
|
|
||||||
final boolean allowInsecurePackages =
|
final boolean allowInsecurePackages =
|
||||||
PreferencesData.getBoolean("allow_insecure_packages", false);
|
PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false);
|
||||||
if (allowInsecurePackages) {
|
final boolean trustAll = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL);
|
||||||
log.info("Allow insecure packages is true the signature will be skip and return always verified");
|
final boolean skipVerification = allowInsecurePackages || trustAll;
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Signature file name
|
// Signature file name
|
||||||
final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath());
|
final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath());
|
||||||
@ -215,6 +214,12 @@ public class DownloadableContributionsDownloader {
|
|||||||
// Download signature
|
// Download signature
|
||||||
download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true);
|
download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true);
|
||||||
|
|
||||||
|
if (skipVerification) {
|
||||||
|
log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" +
|
||||||
|
" but the signature was download");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Verify the signature before move the files
|
// Verify the signature before move the files
|
||||||
final boolean signatureVerified = signatureVerifier.isSigned(fileToVerify, packageIndexSignatureTemp);
|
final boolean signatureVerified = signatureVerifier.isSigned(fileToVerify, packageIndexSignatureTemp);
|
||||||
if (signatureVerified) {
|
if (signatureVerified) {
|
||||||
|
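Review bot: The log line inside the new `if (skipVerification)` block names only allow_insecure_packages, so a skip triggered by contributions.trust.all is attributed to the wrong preference, and a verification bypass is recorded at info level. Something like `log.warn("Signature verification skipped: allow_insecure_packages=" + allowInsecurePackages + ", contributions.trust.all=" + trustAll);` would keep the audit trail accurate, assuming the logger offers a warn level. `trustAll` is also read without a default while `allowInsecurePackages` passes `false`; `PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL, false)` makes the unset case explicit. The early `return true` leaves the downloaded signature in `packageIndexSignatureTemp`, and since the rest of checkSignature lies outside the hunk it is worth confirming that the temp file is cleaned up or moved on this path.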
@ -33,7 +33,6 @@ import cc.arduino.Constants;
|
|||||||
import cc.arduino.contributions.DownloadableContribution;
|
import cc.arduino.contributions.DownloadableContribution;
|
||||||
import cc.arduino.contributions.SignatureVerificationFailedException;
|
import cc.arduino.contributions.SignatureVerificationFailedException;
|
||||||
import cc.arduino.contributions.SignatureVerifier;
|
import cc.arduino.contributions.SignatureVerifier;
|
||||||
|
|
||||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
@ -87,7 +86,7 @@ public class ContributionsIndexer {
|
|||||||
File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
|
File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
|
||||||
if (defaultIndexFile.exists()) {
|
if (defaultIndexFile.exists()) {
|
||||||
// Check main index signature
|
// Check main index signature
|
||||||
if (!PreferencesData.getBoolean("allow_insecure_packages") && !signatureVerifier.isSigned(defaultIndexFile)) {
|
if (!PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES) && !signatureVerifier.isSigned(defaultIndexFile)) {
|
||||||
throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
|
throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
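Review bot: The main-index check consults only `Constants.ALLOW_INSECURE_PACKAGES`, whereas `checkSignature` in DownloadableContributionsDownloader now skips verification when either that preference or `contributions.trust.all` is set. With only trust-all enabled, an index accepted unverified at download time would presumably still raise SignatureVerificationFailedException here. If the default index is meant to stay verified regardless of trust-all, which is the safer reading, a comment such as `// contributions.trust.all deliberately does not apply to the main index` would record that intent. The preference is also read without an explicit default, unlike the `getBoolean(..., false)` call in the downloader. The enclosing method starts and ends outside the hunk.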