View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.maven.plugins.gpg;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.File;
23  import java.io.InputStream;
24  
25  import org.apache.maven.plugin.MojoExecutionException;
26  import org.codehaus.plexus.util.Os;
27  import org.codehaus.plexus.util.cli.CommandLineException;
28  import org.codehaus.plexus.util.cli.CommandLineUtils;
29  import org.codehaus.plexus.util.cli.Commandline;
30  import org.codehaus.plexus.util.cli.DefaultConsumer;
31  
32  /**
33   * A signer implementation that uses the GnuPG command line executable.
34   */
35  public class GpgSigner extends AbstractGpgSigner {
36      public static final String NAME = "gpg";
37      private final String executable;
38  
39      public GpgSigner(String executable) {
40          this.executable = executable;
41      }
42  
43      @Override
44      public String signerName() {
45          return NAME;
46      }
47  
48      @Override
49      public String getKeyInfo() {
50          return keyname != null ? keyname : "default";
51      }
52  
53      /**
54       * {@inheritDoc}
55       */
56      @Override
57      protected void generateSignatureForFile(File file, File signature) throws MojoExecutionException {
58          // ----------------------------------------------------------------------------
59          // Set up the command line
60          // ----------------------------------------------------------------------------
61  
62          Commandline cmd = new Commandline();
63  
64          if (executable != null && !executable.isEmpty()) {
65              cmd.setExecutable(executable);
66          } else {
67              cmd.setExecutable("gpg" + (Os.isFamily(Os.FAMILY_WINDOWS) ? ".exe" : ""));
68          }
69  
70          GpgVersionParser versionParser = GpgVersionParser.parse(executable);
71  
72          GpgVersion gpgVersion = versionParser.getGpgVersion();
73          if (gpgVersion == null) {
74              throw new MojoExecutionException("Could not determine gpg version");
75          }
76  
77          getLog().debug("GPG Version: " + gpgVersion);
78  
79          if (args != null) {
80              for (String arg : args) {
81                  cmd.createArg().setValue(arg);
82              }
83          }
84  
85          if (homeDir != null) {
86              cmd.createArg().setValue("--homedir");
87              cmd.createArg().setFile(homeDir);
88          }
89  
90          if (gpgVersion.isBefore(GpgVersion.parse("2.1"))) {
91              if (useAgent) {
92                  cmd.createArg().setValue("--use-agent");
93              } else {
94                  cmd.createArg().setValue("--no-use-agent");
95              }
96          }
97  
98          InputStream in = null;
99          if (null != passphrase) {
100             if (gpgVersion.isAtLeast(GpgVersion.parse("2.0"))) {
101                 // required for option --passphrase-fd since GPG 2.0
102                 cmd.createArg().setValue("--batch");
103             }
104 
105             if (gpgVersion.isAtLeast(GpgVersion.parse("2.1"))) {
106                 // required for option --passphrase-fd since GPG 2.1
107                 cmd.createArg().setValue("--pinentry-mode");
108                 cmd.createArg().setValue("loopback");
109             }
110 
111             // make --passphrase-fd effective in gpg2
112             cmd.createArg().setValue("--passphrase-fd");
113             cmd.createArg().setValue("0");
114 
115             // Prepare the STDIN stream which will be used to pass the passphrase to the executable
116             // but obey terminatePassphrase: append LF if asked for
117             if (terminatePassphrase && !passphrase.endsWith("\n")) {
118                 in = new ByteArrayInputStream((passphrase + "\n").getBytes());
119             } else {
120                 in = new ByteArrayInputStream(passphrase.getBytes());
121             }
122         }
123 
124         if (null != keyname) {
125             cmd.createArg().setValue("--local-user");
126 
127             cmd.createArg().setValue(keyname);
128         }
129 
130         cmd.createArg().setValue("--armor");
131 
132         cmd.createArg().setValue("--detach-sign");
133 
134         if (getLog().isDebugEnabled()) {
135             // instruct GPG to write status information to stdout
136             cmd.createArg().setValue("--status-fd");
137             cmd.createArg().setValue("1");
138         }
139 
140         if (!isInteractive) {
141             cmd.createArg().setValue("--batch");
142             cmd.createArg().setValue("--no-tty");
143 
144             if (null == passphrase && gpgVersion.isAtLeast(GpgVersion.parse("2.1"))) {
145                 // prevent GPG from spawning input prompts in Maven non-interactive mode
146                 cmd.createArg().setValue("--pinentry-mode");
147                 cmd.createArg().setValue("error");
148             }
149         }
150 
151         if (!defaultKeyring) {
152             cmd.createArg().setValue("--no-default-keyring");
153         }
154 
155         if (secretKeyring != null && !secretKeyring.isEmpty()) {
156             if (gpgVersion.isBefore(GpgVersion.parse("2.1"))) {
157                 cmd.createArg().setValue("--secret-keyring");
158                 cmd.createArg().setValue(secretKeyring);
159             } else {
160                 getLog().warn("'secretKeyring' is an obsolete option and ignored. All secret keys "
161                         + "are stored in the ‘private-keys-v1.d’ directory below the GnuPG home directory.");
162             }
163         }
164 
165         if (publicKeyring != null && !publicKeyring.isEmpty()) {
166             cmd.createArg().setValue("--keyring");
167             cmd.createArg().setValue(publicKeyring);
168         }
169 
170         if ("once".equalsIgnoreCase(lockMode)) {
171             cmd.createArg().setValue("--lock-once");
172         } else if ("multiple".equalsIgnoreCase(lockMode)) {
173             cmd.createArg().setValue("--lock-multiple");
174         } else if ("never".equalsIgnoreCase(lockMode)) {
175             cmd.createArg().setValue("--lock-never");
176         }
177 
178         cmd.createArg().setValue("--output");
179         cmd.createArg().setFile(signature);
180 
181         cmd.createArg().setFile(file);
182 
183         // ----------------------------------------------------------------------------
184         // Execute the command line
185         // ----------------------------------------------------------------------------
186 
187         getLog().debug("CMD: " + cmd);
188 
189         try {
190             int exitCode = CommandLineUtils.executeCommandLine(cmd, in, new DefaultConsumer(), new DefaultConsumer());
191 
192             if (exitCode != 0) {
193                 throw new MojoExecutionException("Exit code: " + exitCode);
194             }
195         } catch (CommandLineException e) {
196             throw new MojoExecutionException("Unable to execute gpg command", e);
197         }
198     }
199 }