Merge remote-tracking branch 'origin/0.5.2' into 0.5.2

gui/src/main/java/io/bisq/gui/main/overlays/windows/downloadupdate/BisqInstaller.java

@@ -22,12 +22,14 @@ import io.bisq.common.util.Utilities;
 import lombok.Builder;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.*;
 import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
 import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.jetbrains.annotations.NotNull;
 
 import java.io.*;
+import java.security.Security;
 import java.security.SignatureException;
 import java.util.Iterator;
 import java.util.List;
@@ -50,7 +52,7 @@ public class BisqInstaller {
         // Get installer filename on all platforms
         FileDescriptor installerFileDescriptor = getInstallerDescriptor(version, partialUrl);
         List<FileDescriptor> keyFileDescriptors = getKeyFileDescriptors();
-        List<FileDescriptor> sigFileDescriptors = getSigFileDescriptors(installerFileDescriptor);
+        List<FileDescriptor> sigFileDescriptors = getSigFileDescriptors(installerFileDescriptor, keyFileDescriptors);
 
         List<FileDescriptor> allFiles = Lists.newArrayList();
         allFiles.addAll(keyFileDescriptors);
@@ -107,9 +109,6 @@ public class BisqInstaller {
      *                   <code>FileNotFoundException, IOException, SignatureException, PGPException</code>
      */
     public static VerifyStatusEnum verifySignature(File pubKeyFile, File sigFile, File dataFile) throws Exception {
-        // TODO why is that needed?
-        //Security.addProvider(new BouncyCastleProvider());
-
         InputStream inputStream;
         int bytesRead;
         PGPPublicKey publicKey;
@@ -171,7 +170,7 @@ public class BisqInstaller {
 
 
     @NotNull
-    private FileDescriptor getInstallerDescriptor(String version, String partialUrl) {
+    public FileDescriptor getInstallerDescriptor(String version, String partialUrl) {
         String fileName;
         String prefix = "Bisq-";
         // https://github.com/bitsquare/bitsquare/releases/download/v0.5.1/Bisq-0.5.1.dmg
@@ -189,6 +188,12 @@ public class BisqInstaller {
                 .fileName(fileName).id(fileName).loadUrl(partialUrl.concat(fileName)).build();
     }
 
+    /**
+     * The files containing the gpg keys of the bisq signers.
+     * Currently these are 2 hard-coded keys, one included with bisq and the same key online for maximum security.
+     *
+     * @return list of keys to check agains corresponding sigs.
+     */
     public List<FileDescriptor> getKeyFileDescriptors() {
         String fingerprint = LOCAL_FINGER_PRINT;
         String fileName = fingerprint + ".asc";
@@ -208,19 +213,26 @@ public class BisqInstaller {
         );
     }
 
-    public List<FileDescriptor> getSigFileDescriptors(FileDescriptor installerFileDescriptor) {
+    /**
+     * There is one installer file, X keys and X sigs. The id links the sig to its key.
+     * If we switch to multiple keys, the filename should also be key-dependent (filename.F1234.asc).
+     *
+     * @param installerFileDescriptor which installer file should this signatures be linked to?
+     * @return
+     */
+    public List<FileDescriptor> getSigFileDescriptors(FileDescriptor installerFileDescriptor, List<FileDescriptor> keys) {
         String suffix = ".asc";
+        List<FileDescriptor> result = Lists.newArrayList();
 
-        // TODO Shouldn't it be:
-        //   .id(installerFileDescriptor.getId())
-        // instead of:
-        //   .id(FINGER_PRINT_F379A1C6)
-        return Lists.newArrayList(FileDescriptor.builder()
-                .type(DownloadType.SIG)
-                .fileName(installerFileDescriptor.getFileName().concat(suffix))
-                .id(LOCAL_FINGER_PRINT)
-                .loadUrl(installerFileDescriptor.getLoadUrl().concat(suffix))
-                .build());
+        for(FileDescriptor key: keys) {
+            result.add(FileDescriptor.builder()
+                    .type(DownloadType.SIG)
+                    .fileName(installerFileDescriptor.getFileName().concat(suffix))
+                    .id(key.getId())
+                    .loadUrl(installerFileDescriptor.getLoadUrl().concat(suffix))
+                    .build());
+        }
+        return result;
     }
 
     @Data

gui/src/main/java/io/bisq/gui/main/overlays/windows/downloadupdate/DisplayUpdateDownloadWindow.java

@@ -187,6 +187,8 @@ public class DisplayUpdateDownloadWindow extends Overlay<DisplayUpdateDownloadWi
         String downloadFailedString = Res.get("displayUpdateDownloadWindow.download.failed");
         downloadButton.setOnAction(e -> {
             if (installer.isSupportedOS()) {
+                downloadedFiles.clear();
+                verifiedSigs.clear();
                 downloadButton.setDisable(true);
                 progressBar.setVisible(true);
                 downloadedFilesLabel.setOpacity(1);
@@ -243,6 +245,7 @@ public class DisplayUpdateDownloadWindow extends Overlay<DisplayUpdateDownloadWi
                                 stopAnimations();
 
                                 List<VerifyDescriptor> verifyResults = verifyTask.getValue();
+                                // check that there are no failed verifications
                                 Optional<VerifyDescriptor> verifyFailed = verifyResults.stream()
                                         .filter(verifyDescriptor -> !BisqInstaller.VerifyStatusEnum.OK.equals(verifyDescriptor.getVerifyStatusEnum())).findFirst();
                                 if (verifyResults == null || verifyResults.isEmpty() || verifyFailed.isPresent()) {

gui/src/main/java/io/bisq/gui/main/overlays/windows/downloadupdate/VerifyTask.java

@@ -69,12 +69,16 @@ public class VerifyTask extends Task<List<VerifyDescriptor>> {
 
         List<FileDescriptor> sigs = fileDescriptors.stream().filter(fileDescriptor -> DownloadType.SIG.equals(fileDescriptor.getType())).collect(Collectors.toList());
         List<VerifyDescriptor> verifyDescriptors = Lists.newArrayList();
+
+        // iterate all signatures available to us
         for (FileDescriptor sig : sigs) {
             VerifyDescriptor.VerifyDescriptorBuilder verifyDescriptorBuilder = VerifyDescriptor.builder().sigFile(sig.getSaveFile());
+            // Sigs are linked to keys, extract all keys which have the same id
             List<FileDescriptor> keys = fileDescriptors.stream()
-                    .filter(fileDescriptor -> DownloadType.KEY.equals(fileDescriptor.getType()))
-                    .filter(fileDescriptor -> sig.getId().equals(fileDescriptor.getId()))
+                    .filter(keyDescriptor -> DownloadType.KEY.equals(keyDescriptor.getType()))
+                    .filter(keyDescriptor -> sig.getId().equals(keyDescriptor.getId()))
                     .collect(Collectors.toList());
+            // iterate all keys which have the same id
             for (FileDescriptor key : keys) {
                 verifyDescriptorBuilder.keyFile(key.getSaveFile());
                 try {

gui/src/test/java/io/bisq/gui/main/overlays/windows/downloadupdate/BisqInstallerTest.java

@@ -1,9 +1,13 @@
 package io.bisq.gui.main.overlays.windows.downloadupdate;
 
+import com.google.common.collect.Lists;
+import io.bisq.gui.main.overlays.windows.downloadupdate.BisqInstaller.FileDescriptor;
+import lombok.extern.slf4j.Slf4j;
 import org.junit.Test;
 
 import java.io.File;
 import java.net.URL;
+import java.util.List;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -25,6 +29,7 @@ import static org.junit.Assert.assertTrue;
  * You should have received a copy of the GNU Affero General Public License
  * along with bisq. If not, see <http://www.gnu.org/licenses/>.
  */
+@Slf4j
 public class BisqInstallerTest {
     @Test
     public void call() throws Exception {
@@ -64,4 +69,17 @@ public class BisqInstallerTest {
     public void getIndex() throws Exception {
     }
 
+    @Test
+    public void getSigFileDescriptors() throws Exception {
+        BisqInstaller bisqInstaller = new BisqInstaller();
+        FileDescriptor installerFileDescriptor = FileDescriptor.builder().fileName("filename.txt").id("filename").loadUrl("url://filename.txt").build();
+        FileDescriptor key1 = FileDescriptor.builder().fileName("key1").id("key1").loadUrl("").build();
+        FileDescriptor key2 = FileDescriptor.builder().fileName("key2").id("key2").loadUrl("").build();
+        List<FileDescriptor> sigFileDescriptors = bisqInstaller.getSigFileDescriptors(installerFileDescriptor, Lists.newArrayList(key1));
+        assertEquals(1, sigFileDescriptors.size());
+        sigFileDescriptors = bisqInstaller.getSigFileDescriptors(installerFileDescriptor, Lists.newArrayList(key1, key2));
+        assertEquals(2, sigFileDescriptors.size());
+        log.info("test");
+
+    }
 }

gui/src/test/java/io/bisq/gui/main/overlays/windows/downloadupdate/VerifyTaskTest.java

@@ -0,0 +1,28 @@
+package io.bisq.gui.main.overlays.windows.downloadupdate;
+
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+/*
+ * This file is part of bisq.
+ *
+ * bisq is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * bisq is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with bisq. If not, see <http://www.gnu.org/licenses/>.
+ */
+public class VerifyTaskTest {
+    @Test
+    public void call() throws Exception {
+    }
+
+}