Examples with SignatureVerificationService org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService used on opensource projects

Example 1 with SignatureVerificationService

use of org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService in project gradle by gradle.

the class WriteDependencyVerificationFile method buildFinished.

@Override
public void buildFinished(Gradle gradle) {
    ensureOutputDirCreated();
    maybeReadExistingFile();
    // when we generate the verification file, we intentionally ignore if the "use key servers" flag is false
    // because otherwise it forces the user to remove the option in the XML file, generate, then switch it back.
    boolean offline = gradle.getStartParameter().isOffline();
    SignatureVerificationService signatureVerificationService = signatureVerificationServiceFactory.create(keyrings, DefaultKeyServers.getOrDefaults(verificationsBuilder.getKeyServers()), !offline);
    if (!verificationsBuilder.isUseKeyServers() && !offline) {
        LOGGER.lifecycle("Will use key servers to download missing keys. If you really want to ignore key servers when generating the verification file, you can use the --offline flag in addition");
    }
    try {
        validateChecksums();
        resolveAllConfigurationsConcurrently(gradle);
        computeChecksumsConcurrently(signatureVerificationService);
        writeEntriesSerially();
        serializeResult(signatureVerificationService);
    } catch (IOException e) {
        throw UncheckedException.throwAsUncheckedException(e);
    } finally {
        signatureVerificationService.stop();
    }
}

Example 2 with SignatureVerificationService

use of org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService in project gradle by gradle.

the class ChecksumAndSignatureVerificationOverride method verifyConcurrently.

private void verifyConcurrently() {
    hasFatalFailure.set(false);
    synchronized (verificationEvents) {
        if (verificationEvents.isEmpty()) {
            return;
        }
    }
    if (closed.get()) {
        LOGGER.debug("Cannot perform verification of all dependencies because the verification service has been shutdown. Under normal circumstances this shouldn't happen unless a user buildFinished was added in an unexpected way.");
        return;
    }
    buildOperationExecutor.runAll(queue -> {
        VerificationEvent event;
        synchronized (verificationEvents) {
            while ((event = verificationEvents.poll()) != null) {
                VerificationEvent ve = event;
                queue.add(new RunnableBuildOperation() {

                    @Override
                    public void run(BuildOperationContext context) {
                        verifier.verify(checksumService, signatureVerificationService, ve.kind, ve.artifact, ve.mainFile, ve.signatureFile.create(), f -> {
                            synchronized (failures) {
                                failures.put(ve.artifact, new RepositoryAwareVerificationFailure(f, ve.repositoryName));
                            }
                            if (f.isFatal()) {
                                hasFatalFailure.set(true);
                            }
                        });
                    }

                    @Override
                    public BuildOperationDescriptor.Builder description() {
                        return BuildOperationDescriptor.displayName("Dependency verification").progressDisplayName("Verifying " + ve.artifact);
                    }
                });
            }
        }
    });
}

Example 3 with SignatureVerificationService

use of org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService in project gradle by gradle.

the class WriteDependencyVerificationFile method exportKeys.

private void exportKeys(SignatureVerificationService signatureVerificationService, DependencyVerifier verifier) throws IOException {
    BuildTreeDefinedKeys keys = isDryRun ? keyrings.dryRun() : keyrings;
    Set<String> keysToExport = Sets.newHashSet();
    verifier.getConfiguration().getTrustedKeys().stream().map(DependencyVerificationConfiguration.TrustedKey::getKeyId).forEach(keysToExport::add);
    verifier.getConfiguration().getIgnoredKeys().stream().map(IgnoredKey::getKeyId).forEach(keysToExport::add);
    verifier.getVerificationMetadata().stream().flatMap(md -> md.getArtifactVerifications().stream()).flatMap(avm -> Stream.concat(avm.getTrustedPgpKeys().stream(), avm.getIgnoredPgpKeys().stream().map(IgnoredKey::getKeyId))).forEach(keysToExport::add);
    exportKeyRingCollection(signatureVerificationService.getPublicKeyService(), keys, keysToExport);
}