From 94dd6953553ebf27a10cdf6453611d1ed037f1fd Mon Sep 17 00:00:00 2001 From: Mattia Bertorello Date: Wed, 24 Jul 2019 17:27:12 +0200 Subject: [PATCH] Add areInsecurePackagesAllowed method --- .../DownloadableContributionsDownloader.java | 7 +---- .../packages/ContributionInstaller.java | 6 ++--- .../packages/ContributionsIndexer.java | 4 +-- .../src/processing/app/PreferencesData.java | 27 ++++++++++++------- 4 files changed, 23 insertions(+), 21 deletions(-) diff --git a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java index ac5677212c6..4ddca67b3cd 100644 --- a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java +++ b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java @@ -29,7 +29,6 @@ package cc.arduino.contributions; -import cc.arduino.Constants; import cc.arduino.utils.FileHash; import cc.arduino.utils.MultiStepProgress; import cc.arduino.utils.Progress; @@ -199,10 +198,6 @@ public boolean verifyDomain(URL url) { public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception { - final boolean allowInsecurePackages = - PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false); - final boolean trustAll = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL); - final boolean skipVerification = allowInsecurePackages || trustAll; // Signature file name final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath()); @@ -214,7 +209,7 @@ public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, Prog // Download signature download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true); - if (skipVerification) { + if (PreferencesData.areInsecurePackagesAllowed()) { Files.move(packageIndexSignatureTemp.toPath(), packageIndexSignature.toPath(), StandardCopyOption.REPLACE_EXISTING); log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" + " but the signature was download"); diff --git a/arduino-core/src/cc/arduino/contributions/packages/ContributionInstaller.java b/arduino-core/src/cc/arduino/contributions/packages/ContributionInstaller.java index ddcfeea5726..2b6ff4cdea8 100644 --- a/arduino-core/src/cc/arduino/contributions/packages/ContributionInstaller.java +++ b/arduino-core/src/cc/arduino/contributions/packages/ContributionInstaller.java @@ -145,7 +145,7 @@ public synchronized List install(ContributedPlatform contributedPlatform assert toolContrib.getDownloadedFile() != null; new ArchiveExtractor(platform).extract(toolContrib.getDownloadedFile(), destFolder.toFile(), 1); try { - findAndExecutePostInstallScriptIfAny(destFolder.toFile(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); + findAndExecutePostInstallScriptIfAny(destFolder.toFile(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed()); } catch (IOException e) { errors.add(tr("Error running post install script")); } @@ -164,7 +164,7 @@ public synchronized List install(ContributedPlatform contributedPlatform contributedPlatform.setInstalled(true); contributedPlatform.setInstalledFolder(destFolder); try { - findAndExecutePostInstallScriptIfAny(destFolder, contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); + findAndExecutePostInstallScriptIfAny(destFolder, contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed()); } catch (IOException e) { e.printStackTrace(); errors.add(tr("Error running post install script")); @@ -244,7 +244,7 @@ public synchronized List remove(ContributedPlatform contributedPlatform) } List errors = new LinkedList<>(); try { - findAndExecutePreUninstallScriptIfAny(contributedPlatform.getInstalledFolder(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL)); + findAndExecutePreUninstallScriptIfAny(contributedPlatform.getInstalledFolder(), contributedPlatform.getParentPackage().isTrusted(), PreferencesData.areInsecurePackagesAllowed()); } catch (IOException e) { errors.add(tr("Error running post install script")); } diff --git a/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java b/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java index cbd7565ac48..6f86365e08b 100644 --- a/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java +++ b/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java @@ -86,7 +86,7 @@ public void parseIndex() throws Exception { File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME); if (defaultIndexFile.exists()) { // Check main index signature - if (!PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES) && !signatureVerifier.isSigned(defaultIndexFile)) { + if (!PreferencesData.areInsecurePackagesAllowed() && !signatureVerifier.isSigned(defaultIndexFile)) { throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME); } @@ -142,7 +142,7 @@ private void mergeContributions(File indexFile) throws IOException { ContributionsIndex contributionsIndex = parseIndex(indexFile); boolean signed = signatureVerifier.isSigned(indexFile); - boolean trustall = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL); + boolean trustall = PreferencesData.areInsecurePackagesAllowed(); for (ContributedPackage contributedPackage : contributionsIndex.getPackages()) { contributedPackage.setTrusted(signed || trustall); diff --git a/arduino-core/src/processing/app/PreferencesData.java b/arduino-core/src/processing/app/PreferencesData.java index 251922c0e25..01f4568ad5b 100644 --- a/arduino-core/src/processing/app/PreferencesData.java +++ b/arduino-core/src/processing/app/PreferencesData.java @@ -1,9 +1,14 @@ package processing.app; -import static processing.app.I18n.format; -import static processing.app.I18n.tr; +import cc.arduino.Constants; +import cc.arduino.i18n.Languages; +import org.apache.commons.compress.utils.IOUtils; +import processing.app.helpers.PreferencesHelper; +import processing.app.helpers.PreferencesMap; +import processing.app.legacy.PApplet; +import processing.app.legacy.PConstants; -import java.awt.Font; +import java.awt.*; import java.io.File; import java.io.IOException; import java.io.PrintWriter; @@ -13,13 +18,8 @@ import java.util.MissingResourceException; import java.util.stream.Collectors; -import org.apache.commons.compress.utils.IOUtils; - -import cc.arduino.i18n.Languages; -import processing.app.helpers.PreferencesHelper; -import processing.app.helpers.PreferencesMap; -import processing.app.legacy.PApplet; -import processing.app.legacy.PConstants; +import static processing.app.I18n.format; +import static processing.app.I18n.tr; public class PreferencesData { @@ -275,4 +275,11 @@ public static void setCollection(String key, Collection values) { String value = values.stream().collect(Collectors.joining(",")); set(key, value); } + + public static boolean areInsecurePackagesAllowed() { + if (getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false)) { + return true; + } + return getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL, false); + } }