From 9df753e05e4eaa95c76c7319f3259f7aa47319d7 Mon Sep 17 00:00:00 2001 From: David Pursehouse Date: Tue, 7 Nov 2017 15:53:59 +0900 Subject: [PATCH] PostGpgKeys: Gracefully handle malformed GPG keys input Bug: Issue 7647 Change-Id: I226e1d560936db1f1ef0d447ea00b59c66189a96 --- .../google/gerrit/acceptance/api/accounts/AccountIT.java | 8 ++++++++ .../java/com/google/gerrit/gpg/server/PostGpgKeys.java | 3 +++ 2 files changed, 11 insertions(+) diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java index 75fd4486a5..61a38302d1 100644 --- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java +++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java @@ -787,6 +787,14 @@ public class AccountIT extends AbstractDaemonTest { ImmutableList.of(key2.getKeyIdString())); } + @Test + public void addMalformedGpgKey() throws Exception { + String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\ntest\n-----END PGP PUBLIC KEY BLOCK-----"; + exception.expect(BadRequestException.class); + exception.expectMessage("Failed to parse GPG keys"); + addGpgKey(key); + } + @Test @UseSsh public void sshKeys() throws Exception { diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java index 165402c82b..88d24ea94b 100644 --- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java +++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/server/PostGpgKeys.java @@ -66,6 +66,7 @@ import org.bouncycastle.bcpg.ArmoredInputStream; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPRuntimeOperationException; import org.bouncycastle.openpgp.bc.BcPGPObjectFactory; import org.eclipse.jgit.errors.ConfigInvalidException; import org.eclipse.jgit.lib.CommitBuilder; @@ -183,6 +184,8 @@ public class PostGpgKeys implements RestModifyView { "Cannot both add and delete key: " + keyToString(keyRing.getPublicKey())); } keyRings.add(keyRing); + } catch (PGPRuntimeOperationException e) { + throw new BadRequestException("Failed to parse GPG keys", e); } } return keyRings;