diff --git a/src/main/scala/gitbucket/core/util/GpgUtil.scala b/src/main/scala/gitbucket/core/util/GpgUtil.scala index c5f0a73..e6f50ab 100644 --- a/src/main/scala/gitbucket/core/util/GpgUtil.scala +++ b/src/main/scala/gitbucket/core/util/GpgUtil.scala @@ -1,8 +1,7 @@ package gitbucket.core.util + import java.io.ByteArrayInputStream - import scala.jdk.CollectionConverters._ - import gitbucket.core.model.Profile._ import gitbucket.core.model.Profile.profile.blockingApi._ import org.bouncycastle.bcpg.ArmoredInputStream @@ -34,29 +33,33 @@ } def verifySign(signInfo: JGitUtil.GpgSignInfo)(implicit s: Session): Option[JGitUtil.GpgVerifyInfo] = { - new BcPGPObjectFactory(new ArmoredInputStream(new ByteArrayInputStream(signInfo.signArmored))) - .iterator() - .asScala - .flatMap { - case signList: PGPSignatureList => - signList - .iterator() - .asScala - .flatMap { sign => - getGpgKey(sign.getKeyID) - .map { pubKey => - sign.init(new BcPGPContentVerifierBuilderProvider, pubKey) - sign.update(signInfo.target) - (sign, pubKey) - } - .collect { - case (sign, pubKey) if sign.verify() => - JGitUtil.GpgVerifyInfo(pubKey.getUserIDs.next, pubKey.getKeyID.toHexString.toUpperCase) - } - } + try { + new BcPGPObjectFactory(new ArmoredInputStream(new ByteArrayInputStream(signInfo.signArmored))) + .iterator() + .asScala + .flatMap { + case signList: PGPSignatureList => + signList + .iterator() + .asScala + .flatMap { sign => + getGpgKey(sign.getKeyID) + .map { pubKey => + sign.init(new BcPGPContentVerifierBuilderProvider, pubKey) + sign.update(signInfo.target) + (sign, pubKey) + } + .collect { + case (sign, pubKey) if sign.verify() => + JGitUtil.GpgVerifyInfo(pubKey.getUserIDs.next, pubKey.getKeyID.toHexString.toUpperCase) + } + } + } + .toList + .headOption + } catch { + case _: Throwable => None + } - } - .toList - .headOption } }