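/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.eclipse.aether.generator.gnupg.loaders;

import javax.inject.Named;
import javax.inject.Singleton;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;

import org.bouncycastle.util.encoders.Hex;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys;
import org.eclipse.aether.generator.gnupg.GnupgSignatureArtifactGeneratorFactory;
import org.eclipse.aether.util.ConfigUtils;
import org.eclipse.sisu.Priority;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static org.eclipse.aether.generator.gnupg.GnupgConfigurationKeys.CONFIG_PROP_KEY_FINGERPRINT;

/**
 * Loader that takes its input from session configuration: the key ring material is read from the
 * configured key file path and the key fingerprint from the configured fingerprint property.
 * <p>
 * Both methods return {@code null} when this loader has nothing to offer.
 */
@Singleton
@Named(GpgConfLoader.NAME)
@Priority(20)
public final class GpgConfLoader implements GnupgSignatureArtifactGeneratorFactory.Loader {
    public static final String NAME = "conf";

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Maximum file size allowed to load (as we load it into heap).
     * <p>
     * This barrier exists to prevent us from loading big/huge files, if this code is pointed at one
     * (by mistake or by malicious intent). Files of this size or larger are refused.
     *
     * @see <a href="https://wiki.gnupg.org/LargeKeys">Large Keys</a>
     */
    private static final long MAX_SIZE = 64 * 1000 + 1L;

    /**
     * Number of hex characters a configured key fingerprint must have.
     */
    private static final int FINGERPRINT_HEX_LENGTH = 40;

    /**
     * Reads the key ring material from the configured key file.
     * <p>
     * A relative path is resolved against the {@code user.home} system property. The size barrier
     * is enforced while reading rather than by a separate size query, so a file that changes after
     * being inspected cannot push more than {@link #MAX_SIZE} bytes into the heap.
     *
     * @param session the session the key file path configuration is read from
     * @return the file content, or {@code null} if the path is not a regular file or the file is
     *         too large
     * @throws IOException if the file cannot be read
     */
    @Override
    public byte[] loadKeyRingMaterial(RepositorySystemSession session) throws IOException {
        Path keyPath = Paths.get(ConfigUtils.getString(
                session,
                GnupgConfigurationKeys.DEFAULT_KEY_FILE_PATH,
                GnupgConfigurationKeys.CONFIG_PROP_KEY_FILE_PATH));
        if (!keyPath.isAbsolute()) {
            keyPath = Paths.get(System.getProperty("user.home")).resolve(keyPath).toAbsolutePath();
        }
        if (!Files.isRegularFile(keyPath)) {
            return null;
        }
        byte[] material = readAtMost(keyPath, (int) MAX_SIZE);
        if (material == null) {
            logger.warn("Refusing to load file {}; is larger than 64 kB", keyPath);
        }
        return material;
    }

    /**
     * Reads the configured key fingerprint.
     * <p>
     * Surrounding whitespace is ignored. The remaining value must consist of exactly 40 ASCII hex
     * digits; it is validated before decoding so that a malformed value is reported as a
     * configuration error here, rather than surfacing from the decoder or yielding a fingerprint
     * of the wrong length.
     *
     * @param session the session the fingerprint configuration is read from
     * @return the decoded fingerprint, or {@code null} if no fingerprint is configured
     * @throws IllegalArgumentException if the configured value is not 40 hex characters
     */
    @Override
    public byte[] loadKeyFingerprint(RepositorySystemSession session) {
        String configured = ConfigUtils.getString(session, null, CONFIG_PROP_KEY_FINGERPRINT);
        if (configured == null) {
            return null;
        }
        String fingerprint = configured.trim();
        if (!isHexFingerprint(fingerprint)) {
            throw new IllegalArgumentException(
                    "Key fingerprint configuration is wrong (hex encoded, 40 characters)");
        }
        // Decode the same trimmed value that was validated.
        return Hex.decode(fingerprint);
    }

    /**
     * Reads a file into memory, giving up once {@code limit} bytes have been read.
     *
     * @return the content if it is shorter than {@code limit} bytes, otherwise {@code null}
     */
    private static byte[] readAtMost(Path file, int limit) throws IOException {
        byte[] buffer = new byte[limit];
        int total = 0;
        try (InputStream in = Files.newInputStream(file)) {
            int read;
            while (total < limit && (read = in.read(buffer, total, limit - total)) != -1) {
                total += read;
            }
        }
        // Filling the buffer completely means the file holds at least "limit" bytes: too large.
        return total < limit ? Arrays.copyOf(buffer, total) : null;
    }

    /**
     * Tells whether the value is exactly {@link #FINGERPRINT_HEX_LENGTH} ASCII hex digits.
     */
    private static boolean isHexFingerprint(String value) {
        if (value.length() != FINGERPRINT_HEX_LENGTH) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean hexDigit = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F');
            if (!hexDigit) {
                return false;
            }
        }
        return true;
    }
}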