1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.eclipse.aether.generator.gnupg.loaders;
20  
21  import javax.inject.Named;
22  import javax.inject.Singleton;
23  
24  import java.io.IOException;
25  import java.nio.file.Files;
26  import java.nio.file.Path;
27  import java.nio.file.Paths;
28  
29  import org.bouncycastle.util.encoders.Hex;
30  import org.eclipse.aether.RepositorySystemSession;
31  import org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys;
32  import org.eclipse.aether.generator.gnupg.GnupgSignatureArtifactGeneratorFactory;
33  import org.eclipse.aether.util.ConfigUtils;
34  import org.eclipse.sisu.Priority;
35  import org.slf4j.Logger;
36  import org.slf4j.LoggerFactory;
37  
38  import static org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys.CONFIG_PROP_KEY_FINGERPRINT;
39  
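/**
 * Loader that takes the GnuPG key ring file location and the signing key fingerprint from
 * session configuration.
 * <p>
 * Both methods return {@code null} when this loader has nothing to contribute: the key file is
 * missing, is not a regular file or is too large, or no fingerprint is configured.
 */
@Singleton
@Named(GpgConfLoader.NAME)
@Priority(20)
public final class GpgConfLoader implements GnupgSignatureArtifactGeneratorFactory.Loader {
    public static final String NAME = "conf";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Maximum file size allowed to load (as we load it into heap).
     * <p>
     * This barrier exists to prevent us from loading big/huge files, if this code is pointed at one
     * (by mistake or by malicious intent).
     *
     * @see <a href="https://wiki.gnupg.org/LargeKeys">Large Keys</a>
     */
    private static final long MAX_SIZE = 64 * 1000 + 1L;

    /**
     * Number of hex characters in an accepted key fingerprint (decodes to 20 bytes).
     */
    private static final int FINGERPRINT_HEX_LENGTH = 40;

    /**
     * Reads the configured key file into memory.
     * <p>
     * The path is taken from {@link GnupgConfigurationKeys#CONFIG_PROP_KEY_FILE_PATH}, falling back to
     * {@link GnupgConfigurationKeys#DEFAULT_KEY_FILE_PATH}; a relative path is resolved against the
     * {@code user.home} system property.
     *
     * @param session the session whose configuration is consulted
     * @return the file content, or {@code null} if the path is not a regular file or the file is
     *         {@code MAX_SIZE} bytes or larger
     * @throws IOException if the file size cannot be determined or the file cannot be read
     */
    @Override
    public byte[] loadKeyRingMaterial(RepositorySystemSession session) throws IOException {
        Path keyPath = Paths.get(ConfigUtils.getString(
                session,
                GnupgConfigurationKeys.DEFAULT_KEY_FILE_PATH,
                GnupgConfigurationKeys.CONFIG_PROP_KEY_FILE_PATH));
        if (!keyPath.isAbsolute()) {
            keyPath = Paths.get(System.getProperty("user.home")).resolve(keyPath).toAbsolutePath();
        }
        if (!Files.isRegularFile(keyPath)) {
            return null;
        }
        if (Files.size(keyPath) >= MAX_SIZE) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
            return null;
        }
        byte[] keyRingMaterial = Files.readAllBytes(keyPath);
        // The size check and the read are separate file system operations, so a file that grew in
        // between is still rejected here. This keeps oversized content away from callers; it does not
        // bound the heap used by the read itself (that would need a length-limited read).
        if (keyRingMaterial.length >= MAX_SIZE) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
            return null;
        }
        return keyRingMaterial;
    }

    /**
     * Decodes the key fingerprint configured under {@code CONFIG_PROP_KEY_FINGERPRINT}.
     *
     * @param session the session whose configuration is consulted
     * @return the 20 decoded fingerprint bytes, or {@code null} if no fingerprint is configured
     * @throws IllegalArgumentException if the configured value, after trimming, is not exactly 40
     *         hexadecimal characters
     */
    @Override
    public byte[] loadKeyFingerprint(RepositorySystemSession session) {
        String configured = ConfigUtils.getString(session, null, CONFIG_PROP_KEY_FINGERPRINT);
        if (configured == null) {
            return null;
        }
        // Validate and decode the same trimmed value. Hex.decode skips whitespace, so counting
        // characters alone could accept a value with embedded blanks that decodes to fewer than 20
        // bytes; a malformed fingerprint must fail loudly rather than select on a truncated value.
        String fingerprint = configured.trim();
        if (fingerprint.length() != FINGERPRINT_HEX_LENGTH || !isHex(fingerprint)) {
            throw new IllegalArgumentException(
                    "Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
        return Hex.decode(fingerprint);
    }

    /**
     * Tells whether every character of the value is an ASCII hexadecimal digit.
     */
    private static boolean isHex(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean hexDigit = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
            if (!hexDigit) {
                return false;
            }
        }
        return true;
    }
}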