[jira] [Commented] (MRESOLVER-301) Artifact Generators

Sat, 24 Feb 2024 09:35:41 -0800 


    [ 
https://issues.apache.org/jira/browse/MRESOLVER-301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17820382#comment-17820382
 ] 

ASF GitHub Bot commented on MRESOLVER-301:
------------------------------------------

cstamas commented on code in PR #432:
URL: https://github.com/apache/maven-resolver/pull/432#discussion_r1501649781


##########
maven-resolver-generator-signer/src/main/java/org/eclipse/aether/generator/signer/gpg/GpgSignerFactory.java:
##########
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.eclipse.aether.generator.signer.gpg;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.Map;
+
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPSecretKey;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
+import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
+import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
+import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
+import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
+import org.eclipse.aether.ConfigurationProperties;
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.generator.signer.SignerFactory;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.repository.RemoteRepository;
+import org.eclipse.aether.spi.connector.layout.RepositoryLayout;
+import org.eclipse.aether.spi.connector.layout.RepositoryLayoutProvider;
+import org.eclipse.aether.transfer.NoRepositoryLayoutException;
+import org.eclipse.aether.util.ConfigUtils;
+
+import static 
org.eclipse.aether.generator.signer.gpg.GpgConfigurationKeys.CONFIG_PROP_KEY_ID;
+
+/**
+ * GnuPG signer factory implementation, that is active only for {@link 
RemoteRepository}ies.
+ */
+@Singleton
+@Named(GpgSignerFactory.NAME)
+public final class GpgSignerFactory implements SignerFactory {
+    public static final String NAME = GpgConfigurationKeys.NAME;
+    private static final String SIGNER_KEY = GpgSignerFactory.class.getName() 
+ ".signer";
+
+    public interface KeyRingMaterialLoader {
+        /**
+         * Loads the key ring material, or {@code null}.
+         */
+        byte[] load(RepositorySystemSession session) throws IOException;
+    }
+
+    public interface KeyPasswordLoader {
+        /**
+         * Returns {@code true} if this component requires user interactivity.
+         */
+        boolean isInteractive();
+
+        /**
+         * Returns the key password, or {@code null}.
+         */
+        char[] load(RepositorySystemSession session, long keyId) throws 
IOException;
+    }
+
+    private final RepositoryLayoutProvider repositoryLayoutProvider;
+    private final Map<String, KeyRingMaterialLoader> keyMaterialLoaders;
+    private final Map<String, KeyPasswordLoader> keyPasswordLoaders;
+
+    @Inject
+    public GpgSignerFactory(
+            RepositoryLayoutProvider repositoryLayoutProvider,
+            Map<String, KeyRingMaterialLoader> keyMaterialLoaders,
+            Map<String, KeyPasswordLoader> keyPasswordLoaders) {
+        this.repositoryLayoutProvider = repositoryLayoutProvider;
+        this.keyMaterialLoaders = keyMaterialLoaders;
+        this.keyPasswordLoaders = keyPasswordLoaders;
+    }
+
+    @Override
+    public GpgSigner createSigner(RepositorySystemSession session, 
ArtifactRepository artifactRepository) {
+        final boolean enabled = ConfigUtils.getBoolean(
+                        session, GpgConfigurationKeys.DEFAULT_ENABLED, 
GpgConfigurationKeys.CONFIG_PROP_ENABLED)
+                && (artifactRepository instanceof RemoteRepository);
+        if (!enabled) {
+            return null;
+        }
+
+        try {
+            return doCreateSigner(session, 
repositoryLayoutProvider.newRepositoryLayout(session, (RemoteRepository)
+                    artifactRepository));
+        } catch (NoRepositoryLayoutException e) {
+            throw new IllegalArgumentException(e);
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
+    }
+
+    private GpgSigner doCreateSigner(RepositorySystemSession session, 
RepositoryLayout repositoryLayout)
+            throws IOException {
+        boolean interactive = ConfigUtils.getBoolean(
+                session, ConfigurationProperties.DEFAULT_INTERACTIVE, 
ConfigurationProperties.INTERACTIVE);
+
+        byte[] keyRingMaterial = null;
+        for (KeyRingMaterialLoader loader : keyMaterialLoaders.values()) {
+            keyRingMaterial = loader.load(session);
+            if (keyRingMaterial != null) {
+                break;
+            }
+        }
+        if (keyRingMaterial == null) {
+            throw new IllegalArgumentException("Key ring material not found");
+        }
+
+        Long keyId = null;
+        String keyIdStr = ConfigUtils.getString(session, null, 
CONFIG_PROP_KEY_ID);

Review Comment:
   fixed, now only exists "loaders" (3 of them: env, conf and agent)





> Artifact Generators
> -------------------
>
>                 Key: MRESOLVER-301
>                 URL: https://issues.apache.org/jira/browse/MRESOLVER-301
>             Project: Maven Resolver
>          Issue Type: New Feature
>          Components: Resolver
>            Reporter: Tamas Cservenak
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: 2.0.0, 2.0.0-alpha-9
>
>
> Resolver should provide extension point for "generators". Typical use case 
> for these are for example "signing" of artifacts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to