1
0
mirror of https://github.com/arduino/Arduino.git synced 2024-12-01 12:24:14 +01:00

Add PREF_CONTRIBUTIONS_TRUST_ALL and download the signature in any case

This commit is contained in:
Mattia Bertorello 2019-07-24 12:36:22 +02:00 committed by Cristian Maglie
parent c3fdb10244
commit df5a52407e
3 changed files with 12 additions and 7 deletions

View File

@ -37,6 +37,7 @@ public class Constants {
public static final String PREF_REMOVE_PLACEHOLDER = "___REMOVE___"; public static final String PREF_REMOVE_PLACEHOLDER = "___REMOVE___";
public static final String PREF_BOARDS_MANAGER_ADDITIONAL_URLS = "boardsmanager.additional.urls"; public static final String PREF_BOARDS_MANAGER_ADDITIONAL_URLS = "boardsmanager.additional.urls";
public static final String PREF_CONTRIBUTIONS_TRUST_ALL = "contributions.trust.all"; public static final String PREF_CONTRIBUTIONS_TRUST_ALL = "contributions.trust.all";
public static final String ALLOW_INSECURE_PACKAGES = "allow_insecure_packages";
public static final String DEFAULT_INDEX_FILE_NAME = "package_index.json"; public static final String DEFAULT_INDEX_FILE_NAME = "package_index.json";
public static final String BUNDLED_INDEX_FILE_NAME = "package_index_bundled.json"; public static final String BUNDLED_INDEX_FILE_NAME = "package_index_bundled.json";

View File

@ -29,6 +29,7 @@
package cc.arduino.contributions; package cc.arduino.contributions;
import cc.arduino.Constants;
import cc.arduino.utils.FileHash; import cc.arduino.utils.FileHash;
import cc.arduino.utils.MultiStepProgress; import cc.arduino.utils.MultiStepProgress;
import cc.arduino.utils.Progress; import cc.arduino.utils.Progress;
@ -199,11 +200,9 @@ public class DownloadableContributionsDownloader {
public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception { public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception {
final boolean allowInsecurePackages = final boolean allowInsecurePackages =
PreferencesData.getBoolean("allow_insecure_packages", false); PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false);
if (allowInsecurePackages) { final boolean trustAll = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL);
log.info("Allow insecure packages is true the signature will be skip and return always verified"); final boolean skipVerification = allowInsecurePackages || trustAll;
return true;
}
// Signature file name // Signature file name
final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath()); final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath());
@ -215,6 +214,12 @@ public class DownloadableContributionsDownloader {
// Download signature // Download signature
download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true); download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true);
if (skipVerification) {
log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" +
" but the signature was download");
return true;
}
// Verify the signature before move the files // Verify the signature before move the files
final boolean signatureVerified = signatureVerifier.isSigned(fileToVerify, packageIndexSignatureTemp); final boolean signatureVerified = signatureVerifier.isSigned(fileToVerify, packageIndexSignatureTemp);
if (signatureVerified) { if (signatureVerified) {

View File

@ -33,7 +33,6 @@ import cc.arduino.Constants;
import cc.arduino.contributions.DownloadableContribution; import cc.arduino.contributions.DownloadableContribution;
import cc.arduino.contributions.SignatureVerificationFailedException; import cc.arduino.contributions.SignatureVerificationFailedException;
import cc.arduino.contributions.SignatureVerifier; import cc.arduino.contributions.SignatureVerifier;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
@ -87,7 +86,7 @@ public class ContributionsIndexer {
File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME); File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME);
if (defaultIndexFile.exists()) { if (defaultIndexFile.exists()) {
// Check main index signature // Check main index signature
if (!PreferencesData.getBoolean("allow_insecure_packages") && !signatureVerifier.isSigned(defaultIndexFile)) { if (!PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES) && !signatureVerifier.isSigned(defaultIndexFile)) {
throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME); throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME);
} }