From 02a5cf6a2734f07d3aea6fe8365c2eb917d1f933 Mon Sep 17 00:00:00 2001 From: Nikita Iarychenko Date: Mon, 28 Jul 2025 10:58:22 +0400 Subject: [PATCH] OPENIDE add certificates for plugin sign (cherry picked from commit c2606dba851834203c6216abe2be63cc7c582cf0) (cherry picked from commit a3f02ac98f7d243f07671ec9e1ea40a05b3abdb0) --- .../intellij/ide/plugins/PluginManagerCore.kt | 15 ++++- .../marketplace/OpenIdeCertificateStore.kt | 55 +++++++++++++++++++ .../marketplace/PluginSignatureChecker.kt | 9 ++- platform/platform-resources/src/axiom.crt | 43 +++++++++++++++ platform/platform-resources/src/haulmont.crt | 35 ++++++++++++ platform/platform-resources/src/openide.crt | 35 ++++++++++++ 6 files changed, 189 insertions(+), 3 deletions(-) create mode 100644 platform/platform-impl/src/com/intellij/ide/plugins/marketplace/OpenIdeCertificateStore.kt create mode 100644 platform/platform-resources/src/axiom.crt create mode 100644 platform/platform-resources/src/haulmont.crt create mode 100644 platform/platform-resources/src/openide.crt diff --git a/platform/core-impl/src/com/intellij/ide/plugins/PluginManagerCore.kt b/platform/core-impl/src/com/intellij/ide/plugins/PluginManagerCore.kt index 89fc9096155a..2a650077470e 100644 --- a/platform/core-impl/src/com/intellij/ide/plugins/PluginManagerCore.kt +++ b/platform/core-impl/src/com/intellij/ide/plugins/PluginManagerCore.kt @@ -1,4 +1,7 @@ -// Copyright 2000-2024 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license. +// Copyright 2000-2025 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license. +// +// Modified by Nikita Iarychenko at 2025 as part of the OpenIDE project(https://openide.ru). +// Any modifications are available on the same license terms as the original source code. package com.intellij.ide.plugins import com.intellij.core.CoreBundle 
@@ -234,9 +237,19 @@ object PluginManagerCore { @JvmStatic fun isVendorTrusted(plugin: PluginDescriptor): Boolean = isDevelopedByJetBrains(plugin) || + isDevelopedByOpenIde(plugin) || isVendorTrusted(plugin.vendor ?: "") || isVendorTrusted(plugin.organization ?: "") + private fun isDevelopedByOpenIde(plugin: PluginDescriptor): Boolean = + isDevelopedByOpenIde(plugin.vendor) || + isDevelopedByOpenIde(plugin.organization) + + private fun isDevelopedByOpenIde(vendorString: String?): Boolean { + return listOf("openide", "haulmont", "gitflic", "axiom") + .any { it.equals(vendorString, ignoreCase = true) } + } + @JvmStatic fun isDevelopedByJetBrains(plugin: PluginDescriptor): Boolean = CORE_ID == plugin.getPluginId() || SPECIAL_IDEA_PLUGIN_ID == plugin.getPluginId() || diff --git a/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/OpenIdeCertificateStore.kt b/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/OpenIdeCertificateStore.kt new file mode 100644 index 000000000000..5e519edd6a1d --- /dev/null +++ b/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/OpenIdeCertificateStore.kt 
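Review bot: The new `isDevelopedByOpenIde` check makes `isVendorTrusted` return true on a case-insensitive match of the vendor or organization string alone, and those fields presumably come from the plugin's own descriptor, so a name match is not evidence of origin. The list also contains "gitflic", for which this commit bundles no certificate (only openide.crt, haulmont.crt and axiom.crt are added), so that name is trusted with nothing to verify it against. Consider granting this trust only after the plugin's signature has been verified against the matching bundled certificate, and at minimum add a comment such as `// Name match only; does not prove origin and is no substitute for signature verification.` The list is also rebuilt on every call; a private `setOf("openide", "haulmont", "gitflic", "axiom")` constant on the object would avoid that. `PluginManagerCore` continues outside the hunk, so how callers use the result is not visible here.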
@@ -0,0 +1,55 @@
+// OpenIDE Project
+// Copyright (C) 2025 “Open Development Platform” Ltd. (https://openide.ru)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3 or later as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see http://www.gnu.org/licenses/.
+package com.intellij.ide.plugins.marketplace
+
+import com.intellij.ide.IdeBundle
+import com.intellij.openapi.diagnostic.logger
+import org.jetbrains.annotations.ApiStatus
+import java.security.cert.Certificate
+import java.security.cert.CertificateFactory
+
+@ApiStatus.Internal
+internal object OpenIdeCertificateStore {
+
+ private val logger = logger()
+
+ private const val CERTIFICATE_TYPE = "X.509"
+
+ private fun loadCertificate(name: String): Certificate? {
+ val cert = OpenIdeCertificateStore.javaClass.classLoader.getResourceAsStream(name)
+ return if (cert == null) {
+ logger.warn("OpenIDE $name certificate is not found")
+ null
+ }
+ else {
+ CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificate(cert)
+ }
+ }
+
+ private val openideCertificate: Certificate? by lazy {
+ loadCertificate("openide.crt")
+ }
+
+ private val haulmontCertificate: Certificate? by lazy {
+ loadCertificate("haulmont.crt")
+ }
+
+ private val axiomCertificate: Certificate? by lazy {
+ loadCertificate("axiom.crt")
+ }
+
+ val certificates: List by lazy {
+ listOfNotNull(openideCertificate, haulmontCertificate, axiomCertificate)
+ }
+}
\ No newline at end of file
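Review bot: `loadCertificate` never closes the stream returned by `getResourceAsStream`; wrap the parse in `use`, e.g. `cert.use { CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertificate(it) }`. `generateCertificate` throws `CertificateException` on a malformed resource, and that would surface from the `lazy` initializer at the first read of `certificates`, which this commit places inside the signature check in PluginSignatureChecker; catching it next to the existing not-found branch and logging a warning would keep one bad resource from breaking verification of every plugin. The `com.intellij.ide.IdeBundle` import is unused in this file. A KDoc on the object stating that these three resources are compiled-in trust anchors for plugin signatures, and who owns their rotation, would help the next reader.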
diff --git a/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/PluginSignatureChecker.kt b/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/PluginSignatureChecker.kt index 3c67439bf6fc..0a1ca6c88cda 100644 --- a/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/PluginSignatureChecker.kt +++ b/platform/platform-impl/src/com/intellij/ide/plugins/marketplace/PluginSignatureChecker.kt @@ -1,4 +1,7 @@ -// Copyright 2000-2024 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license. +// Copyright 2000-2025 JetBrains s.r.o. and contributors. Use of this source code is governed by the Apache 2.0 license. +// +// Modified by Nikita Iarychenko at 2025 as part of the OpenIDE project(https://openide.ru). +// Any modifications are available on the same license terms as the original source code. package com.intellij.ide.plugins.marketplace import com.github.benmanes.caffeine.cache.Caffeine @@ -55,7 +58,9 @@ internal object PluginSignatureChecker { if (!RegistryManager.getInstance().`is`(key)) { return true } - val certificates = PluginCertificateStore.customTrustManager.certificates + PluginCertificateStore.managedTrustedCertificates + val certificates = PluginCertificateStore.customTrustManager.certificates + + PluginCertificateStore.managedTrustedCertificates + + OpenIdeCertificateStore.certificates return if (showAcceptDialog) isSignedInWithAcceptDialog(descriptor, pluginFile, certificates) else isSignedInBackground(descriptor, pluginFile, certificates) } diff --git a/platform/platform-resources/src/axiom.crt b/platform/platform-resources/src/axiom.crt new file mode 100644 index 000000000000..e31c4256bf37 --- /dev/null +++ b/platform/platform-resources/src/axiom.crt 
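Review bot: `OpenIdeCertificateStore.certificates` is appended unconditionally to the trusted set, so each bundled certificate becomes an anchor for any plugin that reaches this check, not only for plugins from its own vendor, and nothing in this commit lets a user or administrator remove one. The encoded validity fields of haulmont.crt and openide.crt appear to end in July 2026, one year after issue; how the verifier behind `isSignedInBackground` treats an expired or compromised anchor is outside this hunk. I would add a comment above the expression, for example `// Compiled-in OpenIDE anchors: not user-removable; rotating or revoking one requires a new IDE build.`, and cover the expiry behaviour with a test. The enclosing function starts and ends outside the hunk.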
@@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIHiDCCBXCgAwIBAgIUbJDyBO2Wu9oU+Pb8igZVJ/HXlD0wDQYJKoZIhvcNAQEN +BQAwgYYxFTATBgNVBAMMDEFYSU9NIEpTQyBDQTEdMBsGCSqGSIb3DQEJARYOaXRA +YXhpb21qZGsucnUxEjAQBgNVBAsMCUFYSU9NIEpTQzESMBAGA1UECgwJQVhJT00g +SlNDMRkwFwYDVQQHDBBTYWludC1QZXRlcnNidXJnMQswCQYDVQQGEwJSVTAeFw0y +NTA3MjQyMDI4MDFaFw0zNTA3MjIyMDI4MDFaMIGGMRUwEwYDVQQDDAxBWElPTSBK +U0MgQ0ExHTAbBgkqhkiG9w0BCQEWDml0QGF4aW9tamRrLnJ1MRIwEAYDVQQLDAlB +WElPTSBKU0MxEjAQBgNVBAoMCUFYSU9NIEpTQzEZMBcGA1UEBwwQU2FpbnQtUGV0 +ZXJzYnVyZzELMAkGA1UEBhMCUlUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC6uIs/jX1agZFAKXEVIg/7pVl5gHkww1IdSDehtLVBNuKhqPEIR/nL/KrI +lsGFHgNqtev9KygCue2Hsqri//qO45nydYS6rcPeQc/73XXaMbu6pmbpW3heXkQ4 +KafFbw1bAkyk5bIupGRQqpdUiTyAf+Vhgld0SEDBrUQN2KLhBvXQHZBhZsY9OVMV +6fj8mRtwz8w5TR+MRadRjDLai5BMDxup2V5Mn2JvxmyAolMCM42FzGv2xzpn3LsX +Yckagsv5whd9H9K2qVhHyvSPaF1+GSAjdBPAN4Wek68Xi5Mn1ZdyFtHEDnZgS7mr +URFDfDepYkqb2WkS0MOkZ+bFOm/mkPYchWqhlhHbvqyKPWDaKGDD3jxORLenD977 +ouc+xvpd5BSmX+cXLnkJkX3T+MciOrKRompp7A+4aOtAxPdeJLM3NYTB5+n/eXV5 +4UrvFc455BYVVZWFEH4j9k4UBg13oE9ElIt4S1e5oYYuJDhoVSA3BASv7qDGBwHL +Ic2wNSFXM9Vr3PHmRLNENPqoWyepV0uGMdY15e+nHaQzyCKd4xsbcCIqe3l6uZ83 +MlNRxL7FCZjLLQKi5HUxCH/R3m2GDpMBWFPGRda7heCSLfmZaLaEyCAr9DdpAE7i +eZvKG7HJ3VrkXeHli1KoW22d0crPj9Fh8aAkC5b9gjKB/09lGwIDAQABo4IB6jCC +AeYwLwYJYIZIAYb4QgEEBCIWIGh0dHA6Ly9heGlvbWpkay5ydS9jYS9jcmwtdjEu +Y3JsMB0GA1UdDgQWBBTTYpYz8Djb3Qo37/DWExfKODxKOTCBxgYDVR0jBIG+MIG7 +gBTTYpYz8Djb3Qo37/DWExfKODxKOaGBjKSBiTCBhjEVMBMGA1UEAwwMQVhJT00g +SlNDIENBMR0wGwYJKoZIhvcNAQkBFg5pdEBheGlvbWpkay5ydTESMBAGA1UECwwJ +QVhJT00gSlNDMRIwEAYDVQQKDAlBWElPTSBKU0MxGTAXBgNVBAcMEFNhaW50LVBl +dGVyc2J1cmcxCzAJBgNVBAYTAlJVghRskPIE7Za72hT49vyKBlUn8deUPTA4Bggr +BgEFBQcBAQQsMCowKAYIKwYBBQUHMAKGHGh0dHA6Ly9heGlvbWpkay5ydS9jYS9j +YS5jcnQwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2F4aW9tamRrLnJ1L2NhL2Ny +bC12Mi5jcmwwMAYDVR0SBCkwJ4EOY2FAYXhpb21qZGsucnWGFWh0dHA6Ly9heGlv +bWpkay5ydS9jYTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjARBglghkgBhvhC 
+AQEEBAMCAAcwDQYJKoZIhvcNAQENBQADggIBAJgzD567AjgHcjpTm66i+Sq3I4xD +CiMHGNN9W+NrMw1EB8FKad633SFGRiy5VApOM/MwjOcYsPYLxFy55gBuxJsH0/5c +YRbF2MKXeLGrJmHSlpROrhMn2MxlzNWd6C3IPKg6P7T2O/CApMAj2RVqEkOs6lV5 +xDTfMgUM1qMnU6U0hWPU/PPhZrFJE6pycUWefID/1QsuPMW5ZDcINstEVOS6yJ/g +ZF9FNt6oA+8IB0T1dNGJ0To4CUrloAg/yIujWZ1XfP4TKNtvdnbWdHk7s/aVytQk +cUk3lE2esCYD9Bz3Z9v/KV3djknA81RCUfV5gJo4Fh3o4QwUgnEHasQWKHMe4Rqm +cmG1JHVt7RFACsCmuT5rnEh3mbXic0FViJfz/SnVHLj8GKbG6ujyX6+AVFn2RgeM +YPovLWaRJlxxRQLzKRNfsbVeXeDhkUxEPmLjLRsIb24tJB9/QOqr9Nre/zBGzChU +eISpzcznxGZ8HgZZhCjOrPMhS4tBAE+Aex7jnoNdauqan+d+R19fWvsMOh1MuOhm +aiKmvFwYFk6GBArBMzxrhazgysqOZeJet3loxNLuLT6K7VQHF+k7p9bttBd5T7Zb +GdZ36+aQ0pCWhUpMPMQxppJimBUznbKgRMKJt/HREyqBP1D8eniGQ0DI1+tNkjIR +aPyPoLduAYsEV74a +-----END CERTIFICATE----- diff --git a/platform/platform-resources/src/haulmont.crt b/platform/platform-resources/src/haulmont.crt new file mode 100644 index 000000000000..ebce81894619 --- /dev/null +++ b/platform/platform-resources/src/haulmont.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIF/zCCA+egAwIBAgIUc9M5u55tSjEWgR11hemwlCq+miowDQYJKoZIhvcNAQEL +BQAwgY4xCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYW1hcnNrYXkgT2JsYXN0MQ8w +DQYDVQQHDAZTYW1hcmExETAPBgNVBAoMCEhhdWxtb250MREwDwYDVQQLDAhQbGF0 +Zm9ybTEMMAoGA1UEAwwDSURFMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGhhdWxtb250 +LnJ1MB4XDTI1MDcyNDA2MjMxNFoXDTI2MDcyNDA2MjMxNFowgY4xCzAJBgNVBAYT +AlJVMRkwFwYDVQQIDBBTYW1hcnNrYXkgT2JsYXN0MQ8wDQYDVQQHDAZTYW1hcmEx +ETAPBgNVBAoMCEhhdWxtb250MREwDwYDVQQLDAhQbGF0Zm9ybTEMMAoGA1UEAwwD +SURFMR8wHQYJKoZIhvcNAQkBFhBpbmZvQGhhdWxtb250LnJ1MIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAnCg2T+NDr3v07OvbiNTPIE7GOuk+nQNs2ZwQ +EdL3wkqHdDOKkjfWgJJL0Hu/Hprf1CqFNHbhDUQ5FHR3ZDnVG3I60ooYzCIEBo5Y +9Nz9dJSaFoT5kohoKVry/FdMwrK7hMe1sH0K9jjrLNS0UAu0Qs+adZ6DG1I4CCD2 +tfC9X4Ej4YCy0Dh2uiBlr8ty7BY6g2dFHuNWpzOICbeUQK93ediBpoGLxqCuTNuB +td1lbzs21NgST/afrBaEvuElgT5N0DsQq+p9lPAi48mQI5Cwg6O4l0JAfXkopNJH +7+6NbJRadEaUXpmFdiFqFixIlX/uaC/Ew5NPn1zMQOg9dZw+ZAuZr9G3Yi7s8LzG +NO6m3tRZtStzojWpFB0XMdQs+jHJ3kOGreV4zbukrBnyExEfCAMr72BzQS7s4sYH +9Yc4Qj+xMbvY1entja5/zxIsED8XmkKCqRVezXs5GYrqZlvQ/m+s/wD7WjMZC5rs +Spe0krh12PRzxqCqFGLDkuX/3NQASv/MgpKgRvT/ONbbsAZNO+JmP2xF90vZPGme ++wXTYgruUEiqmb7MgD8KivPhcC8tQvfx6FqCJphLycvue3G4pqeRfwc4oBriLDcX +Aq7BTU/pmhkFeB5u33232+ez3pA4ZETl3ucsW+ICMOE97MssZ8Zqqqve4peELu64 +zwcdZLkCAwEAAaNTMFEwHQYDVR0OBBYEFJP3uRijqywSVAkEEW9d5U3CBXZPMB8G +A1UdIwQYMBaAFJP3uRijqywSVAkEEW9d5U3CBXZPMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggIBABR0Cdp5MDUfMdjHArj6NCwAoWfA06JkYTiGZMBI +6tJAi+vJgoqzsxq/dlDsUJbTHwfp0l7/nt9e0OCOM3dpnfT1LPy3lirr73LVQFE0 +GSk2RzO1YmbCjMoGdL5dmbPuIZWWAw1DuAY46gLFPTTwQrFyPX+7lFRrPbPZrkp1 +1NGsPG3NEdoEI0gM7tuED61V4VxkTjzvxXgabF2Yg7gfVkwDcnX9rQhGz6EkXiv7 +hM87qhoK5HopT0VjqmNHgYnUze3lqZMEs6h2pDimI7YGairKpENSp+3hMyeiPCd0 +pZpGbgeVzGeVX+XccUAcvGN2SoSl341/+wgJv198r1kXeBdhv91h7r9/uBgBeQeK +wL91M2jHW5uP+5F7jNXQXbZpAoNhKEQ9mFLJCKuZP7Kcz0FYgJf51oNlv7mVVLtW +OcOslzokw29T9BnjCnifSoaHJuhPHxlm5T1R1JXyRC3EVVQLlOaCmHvCCUfSMbpK 
+xldLGGFxjGNHqKIUjFGvEsi1jZsyZt/voJ4FldzQlnKOLJQP5hFvU3qBb5MPuRoV +jUxXnCGP1N3yo/Nf8RJrPddXlyPu255pQfUjWXhsoqtKeMWO4YVNRCjcXKcqVdNH +62wXq5ZRdXhWhLc3Ejp+9atUiAG6KtXooDWlRiRUcSw9H022BVOFTY+Rni6A6mpy +pV02 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/platform/platform-resources/src/openide.crt b/platform/platform-resources/src/openide.crt new file mode 100644 index 000000000000..f8f867c4e29d --- /dev/null +++ b/platform/platform-resources/src/openide.crt 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAzCCA+ugAwIBAgIUfUuv4iMhK/IqnhgbAdzpKKDI7tMwDQYJKoZIhvcNAQEL +BQAwgZAxCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYW1hcnNrYXkgT2JsYXN0MQ8w +DQYDVQQHDAZTYW1hcmExETAPBgNVBAoMCEhhdWxtb250MRAwDgYDVQQLDAdPcGVu +SURFMRAwDgYDVQQDDAdPcGVuSURFMR4wHAYJKoZIhvcNAQkBFg9pbmZvQG9wZW5p +ZGUucnUwHhcNMjUwNzI0MDYyOTMyWhcNMjYwNzI0MDYyOTMyWjCBkDELMAkGA1UE +BhMCUlUxGTAXBgNVBAgMEFNhbWFyc2theSBPYmxhc3QxDzANBgNVBAcMBlNhbWFy +YTERMA8GA1UECgwISGF1bG1vbnQxEDAOBgNVBAsMB09wZW5JREUxEDAOBgNVBAMM +B09wZW5JREUxHjAcBgkqhkiG9w0BCQEWD2luZm9Ab3BlbmlkZS5ydTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALVJ4+7yei6cfxfvbbe/Pinmq7TMEwbQ +bcCPFxMm9n9L6v+o+zS2jI5JaI3Uul4dmf8MyXL36gis/n17rpmDNVD8vIh3womb +tFOgZ7biUthLdQsl8N2DgpbKK1XGdDYKtc4UD7vrgonB/BiJzkFmgDfI4rk9d5ZE +xBnB1omwCYw5ZF7VScD3L7jzhdFkL9MdPz3i7uuwmHb6fqoDNktnbooc850u5wgS +XrRKa3vedv/Cqp3PMH5hi/qHgWUaRWCX5yktWh6uMn3hrasHDI2YxbFck0aszTUg +FepWwIUHEdgxaCLAX6KJY7YYjcCsvtbDkVsiKNbK4KGc9xaSg63ix5YDwBXu6HvJ +p9jNQ3itKA7sGkRNGSN9L9t3MyC/q4wJpjy+MyQoKV1pZWJ0qZM1YwUPXyNC9Z9m +SRJo7CbERFYAkXE6+2afdV4v+pFAHsEKALRaSe3s5VOQNr7jl0sdNd2+l63OILn/ +XM9mXjN5HVPes6sbaP0wFcAkL+FpqYaCQCNYOgcj/4vEz/vdgjNNpKEuyBYzXRhN +xLHlal89zgn0kyFCIQnBArJtxEGWFFZ/Jpz66eAaomUFzSyR5PBNo7HKV8j5nUdn +6QXd/AUUtZiRVDu0SwXlmxw5MWvbbPLI0lW5YH5bJhOrKRqQ546B6c/HSm4/EG2D +OlDx50zN26AvAgMBAAGjUzBRMB0GA1UdDgQWBBQ1F7WJ7gcT68/lm9Fu8LCvXypQ +rTAfBgNVHSMEGDAWgBQ1F7WJ7gcT68/lm9Fu8LCvXypQrTAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAPL8fh9K+YH+NVNFdCrQ4eqQ2/IzY+WgLS +OjsNRoagQUw6U8Z4nklaLFWaGlLuTYc6TKeYFJYz2/qX9QqSiw4A3WV4J95WuWkN +v/dCqWT70/PLGSQNZmcnUB0oJyC1olx5KgzQU4Nzl+ZnPTujbrfjB+aY4yy8Dxq8 +DPkVDngcVbC0nn8XOL66JInctufDb2sjnXtqVEJFRuf2saRNSYQEbLzpK3tIn3C1 +osF5vqpUwPCPObQfDcoYAYg9MdE/Dfplo2oBYeyfgy/MCas0kz6eyTqZZZH5Ybs+ +iD2oH1Lm9t2WbVn007Vyo932YcQx86e+dEF6NlXes/3HGhx7Boh1rusKelFIOARd +lQjxBSi5njKo7mTdjhK2P6xVYyf5ALwa64cvgtsItYMgk+PY2XT6cCI5aY8fV5Zq +8rvYBD7an2aCcRxzO77wmln0uwiRAkmV2d6p2N/8JjnmMlSJOsq7tTzXl+eaK7cR 
+6okLeMyFZnjdlpTRZvxTkSyFLgZBpiHW0fQvU9cnl5/toKokdzy0Zk1Kc8BmtO9t +zQx9UOi3ilvKdE7r26n6UkZw1ZKrOb+azz7LhjCIgy9UcV/2cT1KUl7WYIoAGZPy +g0wAaOluLC+g7OLPtDsEdktvQ3UuAJzMiZdTTn+2H8uDbWYAYYaJchvtpHqIlLrZ +dEEr3iUleA== +-----END CERTIFICATE----- \ No newline at end of file