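/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.eclipse.aether.generator.gnupg.loaders;

import javax.inject.Named;
import javax.inject.Singleton;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;

import org.bouncycastle.util.encoders.Hex;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys;
import org.eclipse.aether.generator.gnupg.GnupgSignatureArtifactGeneratorFactory;
import org.eclipse.aether.util.ConfigUtils;
import org.eclipse.sisu.Priority;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys.CONFIG_PROP_KEY_FINGERPRINT;

/**
 * Loader that takes its input from session configuration: the key ring material is read from a
 * configured file path and the key fingerprint from a configured hex string.
 */
@Singleton
@Named(GpgConfLoader.NAME)
@Priority(20)
@SuppressWarnings("checkstyle:magicnumber")
public final class GpgConfLoader implements GnupgSignatureArtifactGeneratorFactory.Loader {
    public static final String NAME = "conf";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Maximum file size allowed to load (as we load it into heap).
     * <p>
     * This barrier exists to prevent us from loading big/huge files, if this code is pointed at one
     * (by mistake or by malicious intent). A file is accepted only when it holds fewer bytes than
     * this value.
     *
     * @see <a href="https://wiki.gnupg.org/LargeKeys">Large Keys</a>
     */
    private static final long MAX_SIZE = 64 * 1000 + 1L;

    /**
     * Number of hex characters a configured key fingerprint must have (decodes to 20 bytes).
     */
    private static final int FINGERPRINT_HEX_LENGTH = 40;

    /**
     * Reads the key ring file named by the session configuration.
     * <p>
     * The path comes from {@link GnupgConfigurationKeys#CONFIG_PROP_KEY_FILE_PATH}, falling back to
     * {@link GnupgConfigurationKeys#DEFAULT_KEY_FILE_PATH}. A relative path is resolved against the
     * {@code user.home} system property.
     *
     * @param session the session whose configuration is consulted
     * @return the file content, or {@code null} when the path is not a regular file or the file
     *         holds {@link #MAX_SIZE} bytes or more
     * @throws IOException if the file cannot be read
     */
    @Override
    public byte[] loadKeyRingMaterial(RepositorySystemSession session) throws IOException {
        Path keyPath = Paths.get(ConfigUtils.getString(
                session,
                GnupgConfigurationKeys.DEFAULT_KEY_FILE_PATH,
                GnupgConfigurationKeys.CONFIG_PROP_KEY_FILE_PATH));
        if (!keyPath.isAbsolute()) {
            keyPath = Paths.get(System.getProperty("user.home"))
                    .resolve(keyPath)
                    .toAbsolutePath();
        }
        if (!Files.isRegularFile(keyPath)) {
            return null;
        }
        // The cap is enforced on the bytes actually read rather than on a size reported beforehand:
        // a separate size check followed by an unbounded read would not hold if the file grew or was
        // replaced between the two calls.
        byte[] material = readCapped(keyPath, (int) MAX_SIZE);
        if (material == null) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
        }
        return material;
    }

    /**
     * Reads the session-configured key fingerprint, if any.
     *
     * @param session the session whose configuration is consulted
     * @return the decoded fingerprint (20 bytes), or {@code null} when none is configured
     * @throws IllegalArgumentException if a value is configured but, after trimming, is not exactly
     *         40 hex characters
     */
    @Override
    public byte[] loadKeyFingerprint(RepositorySystemSession session) {
        String keyFingerprint = ConfigUtils.getString(session, null, CONFIG_PROP_KEY_FINGERPRINT);
        if (keyFingerprint == null) {
            return null;
        }
        // Validate and decode the same (trimmed) string. A length check alone does not prove the value
        // is hex, so every character is checked and a malformed value is reported as a configuration
        // error here instead of surfacing from the decoder or yielding a fingerprint of the wrong size.
        String candidate = keyFingerprint.trim();
        if (!isHexFingerprint(candidate)) {
            throw new IllegalArgumentException(
                    "Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
        return Hex.decode(candidate);
    }

    /**
     * Reads a file fully, giving up once {@code limit} bytes have been read.
     *
     * @param path the file to read
     * @param limit the number of bytes at which the file counts as too large
     * @return the file content when it holds fewer than {@code limit} bytes, otherwise {@code null}
     * @throws IOException if the file cannot be opened or read
     */
    private static byte[] readCapped(Path path, int limit) throws IOException {
        byte[] buffer = new byte[limit];
        int total = 0;
        try (InputStream in = Files.newInputStream(path)) {
            while (total < limit) {
                int read = in.read(buffer, total, limit - total);
                if (read < 0) {
                    // End of file reached below the limit: the content is acceptable.
                    return Arrays.copyOf(buffer, total);
                }
                total += read;
            }
        }
        // The buffer filled up, so the file holds at least limit bytes.
        return null;
    }

    /**
     * Tells whether the value consists of exactly {@link #FINGERPRINT_HEX_LENGTH} ASCII hex digits.
     */
    private static boolean isHexFingerprint(String value) {
        if (value.length() != FINGERPRINT_HEX_LENGTH) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean hexDigit = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
            if (!hexDigit) {
                return false;
            }
        }
        return true;
    }
}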