From df5a52407e775f53f5f0e34940e536d13812691f Mon Sep 17 00:00:00 2001 From: Mattia Bertorello Date: Wed, 24 Jul 2019 12:36:22 +0200 Subject: [PATCH] Add PREF_CONTRIBUTIONS_TRUST_ALL and download the signature in any case --- arduino-core/src/cc/arduino/Constants.java | 1 + .../DownloadableContributionsDownloader.java | 15 ++++++++++----- .../packages/ContributionsIndexer.java | 3 +-- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/arduino-core/src/cc/arduino/Constants.java b/arduino-core/src/cc/arduino/Constants.java index 67e3a4f82d3..8a0b47a5bc6 100644 --- a/arduino-core/src/cc/arduino/Constants.java +++ b/arduino-core/src/cc/arduino/Constants.java @@ -37,6 +37,7 @@ public class Constants { public static final String PREF_REMOVE_PLACEHOLDER = "___REMOVE___"; public static final String PREF_BOARDS_MANAGER_ADDITIONAL_URLS = "boardsmanager.additional.urls"; public static final String PREF_CONTRIBUTIONS_TRUST_ALL = "contributions.trust.all"; + public static final String ALLOW_INSECURE_PACKAGES = "allow_insecure_packages"; public static final String DEFAULT_INDEX_FILE_NAME = "package_index.json"; public static final String BUNDLED_INDEX_FILE_NAME = "package_index_bundled.json"; diff --git a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java index ba92f89050c..6503e8d4f21 100644 --- a/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java +++ b/arduino-core/src/cc/arduino/contributions/DownloadableContributionsDownloader.java @@ -29,6 +29,7 @@ package cc.arduino.contributions; +import cc.arduino.Constants; import cc.arduino.utils.FileHash; import cc.arduino.utils.MultiStepProgress; import cc.arduino.utils.Progress; @@ -199,11 +200,9 @@ public boolean verifyDomain(URL url) { public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, ProgressListener progressListener, SignatureVerifier signatureVerifier, String statusText, File fileToVerify) throws Exception { final boolean allowInsecurePackages = - PreferencesData.getBoolean("allow_insecure_packages", false); - if (allowInsecurePackages) { - log.info("Allow insecure packages is true the signature will be skip and return always verified"); - return true; - } + PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES, false); + final boolean trustAll = PreferencesData.getBoolean(Constants.PREF_CONTRIBUTIONS_TRUST_ALL); + final boolean skipVerification = allowInsecurePackages || trustAll; // Signature file name final String signatureFileName = FilenameUtils.getName(signatureUrl.getPath()); @@ -215,6 +214,12 @@ public boolean checkSignature(MultiStepProgress progress, URL signatureUrl, Prog // Download signature download(signatureUrl, packageIndexSignatureTemp, progress, statusText, progressListener, true); + if (skipVerification) { + log.info("Allowing insecure packages because allow_insecure_packages is set to true in preferences.txt" + + " but the signature was download"); + return true; + } + // Verify the signature before move the files final boolean signatureVerified = signatureVerifier.isSigned(fileToVerify, packageIndexSignatureTemp); if (signatureVerified) { diff --git a/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java b/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java index 35a53e906de..cbd7565ac48 100644 --- a/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java +++ b/arduino-core/src/cc/arduino/contributions/packages/ContributionsIndexer.java @@ -33,7 +33,6 @@ import cc.arduino.contributions.DownloadableContribution; import cc.arduino.contributions.SignatureVerificationFailedException; import cc.arduino.contributions.SignatureVerifier; - import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -87,7 +86,7 @@ public void parseIndex() throws Exception { File defaultIndexFile = getIndexFile(Constants.DEFAULT_INDEX_FILE_NAME); if (defaultIndexFile.exists()) { // Check main index signature - if (!PreferencesData.getBoolean("allow_insecure_packages") && !signatureVerifier.isSigned(defaultIndexFile)) { + if (!PreferencesData.getBoolean(Constants.ALLOW_INSECURE_PACKAGES) && !signatureVerifier.isSigned(defaultIndexFile)) { throw new SignatureVerificationFailedException(Constants.DEFAULT_INDEX_FILE_NAME); }