[ https://issues.apache.org/jira/browse/MRESOLVER-301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17820382#comment-17820382 ]
ASF GitHub Bot commented on MRESOLVER-301: ------------------------------------------ cstamas commented on code in PR #432: URL: https://github.com/apache/maven-resolver/pull/432#discussion_r1501649781 ########## maven-resolver-generator-signer/src/main/java/org/eclipse/aether/generator/signer/gpg/GpgSignerFactory.java: ########## @@ -0,0 +1,206 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.eclipse.aether.generator.signer.gpg; + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.Map; + +import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPrivateKey; +import org.bouncycastle.openpgp.PGPSecretKey; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; +import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator; +import org.bouncycastle.openpgp.PGPSignatureSubpacketVector; +import org.bouncycastle.openpgp.PGPUtil; +import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator; +import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder; +import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider; +import org.eclipse.aether.ConfigurationProperties; +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.generator.signer.SignerFactory; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.repository.RemoteRepository; +import org.eclipse.aether.spi.connector.layout.RepositoryLayout; +import org.eclipse.aether.spi.connector.layout.RepositoryLayoutProvider; +import org.eclipse.aether.transfer.NoRepositoryLayoutException; +import org.eclipse.aether.util.ConfigUtils; + +import static org.eclipse.aether.generator.signer.gpg.GpgConfigurationKeys.CONFIG_PROP_KEY_ID; + +/** + * GnuPG signer factory implementation, that is active only for {@link RemoteRepository}ies. + */ +@Singleton +@Named(GpgSignerFactory.NAME) +public final class GpgSignerFactory implements SignerFactory { + public static final String NAME = GpgConfigurationKeys.NAME; + private static final String SIGNER_KEY = GpgSignerFactory.class.getName() + ".signer"; + + public interface KeyRingMaterialLoader { + /** + * Loads the key ring material, or {@code null}. + */ + byte[] load(RepositorySystemSession session) throws IOException; + } + + public interface KeyPasswordLoader { + /** + * Returns {@code true} if this component requires user interactivity. + */ + boolean isInteractive(); + + /** + * Returns the key password, or {@code null}. + */ + char[] load(RepositorySystemSession session, long keyId) throws IOException; + } + + private final RepositoryLayoutProvider repositoryLayoutProvider; + private final Map<String, KeyRingMaterialLoader> keyMaterialLoaders; + private final Map<String, KeyPasswordLoader> keyPasswordLoaders; + + @Inject + public GpgSignerFactory( + RepositoryLayoutProvider repositoryLayoutProvider, + Map<String, KeyRingMaterialLoader> keyMaterialLoaders, + Map<String, KeyPasswordLoader> keyPasswordLoaders) { + this.repositoryLayoutProvider = repositoryLayoutProvider; + this.keyMaterialLoaders = keyMaterialLoaders; + this.keyPasswordLoaders = keyPasswordLoaders; + } + + @Override + public GpgSigner createSigner(RepositorySystemSession session, ArtifactRepository artifactRepository) { + final boolean enabled = ConfigUtils.getBoolean( + session, GpgConfigurationKeys.DEFAULT_ENABLED, GpgConfigurationKeys.CONFIG_PROP_ENABLED) + && (artifactRepository instanceof RemoteRepository); + if (!enabled) { + return null; + } + + try { + return doCreateSigner(session, repositoryLayoutProvider.newRepositoryLayout(session, (RemoteRepository) + artifactRepository)); + } catch (NoRepositoryLayoutException e) { + throw new IllegalArgumentException(e); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + + private GpgSigner doCreateSigner(RepositorySystemSession session, RepositoryLayout repositoryLayout) + throws IOException { + boolean interactive = ConfigUtils.getBoolean( + session, ConfigurationProperties.DEFAULT_INTERACTIVE, ConfigurationProperties.INTERACTIVE); + + byte[] keyRingMaterial = null; + for (KeyRingMaterialLoader loader : keyMaterialLoaders.values()) { + keyRingMaterial = loader.load(session); + if (keyRingMaterial != null) { + break; + } + } + if (keyRingMaterial == null) { + throw new IllegalArgumentException("Key ring material not found"); + } + + Long keyId = null; + String keyIdStr = ConfigUtils.getString(session, null, CONFIG_PROP_KEY_ID); Review Comment: fixed, now only exists "loaders" (3 of them: env, conf and agent) > Artifact Generators > ------------------- > > Key: MRESOLVER-301 > URL: https://issues.apache.org/jira/browse/MRESOLVER-301 > Project: Maven Resolver > Issue Type: New Feature > Components: Resolver > Reporter: Tamas Cservenak > Assignee: Tamas Cservenak > Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-9 > > > Resolver should provide extension point for "generators". Typical use case > for these are for example "signing" of artifacts. -- This message was sent by Atlassian Jira (v8.20.10#820010)