use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class DependencyVerifier method doVerifyArtifact.
/**
 * Verifies a single resolved artifact against the dependency verification metadata and
 * records every failure on {@code builder}.
 *
 * <p>Decision table, as implemented below:
 * <ul>
 *   <li><b>Artifact listed, no signature file:</b> {@code MissingSignature} is recorded when
 *       signature verification is enabled, and the checksums are still verified afterwards.</li>
 *   <li><b>Artifact listed, signature matched only ignored keys:</b> {@code OnlyIgnoredKeys} is
 *       recorded; the checksums then become the only remaining evidence, so
 *       {@code MissingChecksums} is recorded when none are declared, otherwise they are verified.</li>
 *   <li><b>Artifact listed, signature check reports an error:</b> the error is recorded and the
 *       checksums are not looked at.</li>
 *   <li><b>Artifact listed, signature check clean:</b> the checksums are verified as well.</li>
 *   <li><b>Artifact not listed, signature present:</b> the signature alone is accepted when the
 *       check reports no error and did not rely solely on ignored keys; no checksum is compared
 *       in that case.</li>
 *   <li><b>Anything else:</b> {@code MissingChecksums} is recorded.</li>
 * </ul>
 *
 * <p>Only the first metadata entry whose artifact name equals the resolved file name is used;
 * the method returns as soon as that entry has been processed.
 *
 * @param foundArtifact identifier of the artifact being verified
 * @param checksumService service handed to {@code verifyChecksums}
 * @param signatureVerificationService service handed to {@code verifySignature}; also the source
 *        of the {@link PublicKeyService} used to render signature errors
 * @param file the artifact file
 * @param signature the signature file, or {@code null} when none is available
 * @param builder collector for verification failures
 */
private void doVerifyArtifact(ModuleComponentArtifactIdentifier foundArtifact, ChecksumService checksumService, SignatureVerificationService signatureVerificationService, File file, File signature, ArtifactVerificationResultBuilder builder) {
    PublicKeyService publicKeyService = signatureVerificationService.getPublicKeyService();
    ComponentVerificationMetadata componentMetadata = verificationMetadata.get(toStringKey(foundArtifact.getComponentIdentifier()));
    if (componentMetadata != null) {
        String resolvedFileName = foundArtifact.getFileName();
        for (ArtifactVerificationMetadata entry : componentMetadata.getArtifactVerifications()) {
            if (!entry.getArtifactName().equals(resolvedFileName)) {
                continue;
            }
            if (signature == null) {
                // A missing signature is reported but does not stop the checksum comparison below.
                if (config.isVerifySignatures()) {
                    builder.failWith(new MissingSignature(file));
                }
            } else {
                // The keys declared on this entry are passed through allTrustedKeys/allIgnoredKeys;
                // presumably those helpers merge them with the globally configured keys (confirm in the helpers).
                DefaultSignatureVerificationResultBuilder outcome = new DefaultSignatureVerificationResultBuilder(file, signature);
                verifySignature(signatureVerificationService, file, signature, allTrustedKeys(foundArtifact, entry.getTrustedPgpKeys()), allIgnoredKeys(entry.getIgnoredPgpKeys()), outcome);
                if (outcome.hasOnlyIgnoredKeys()) {
                    // A signature made only with ignored keys proves nothing, so fall back to checksums.
                    builder.failWith(new OnlyIgnoredKeys(file));
                    if (entry.getChecksums().isEmpty()) {
                        builder.failWith(new MissingChecksums(file));
                    } else {
                        verifyChecksums(checksumService, file, entry, builder);
                    }
                    return;
                }
                if (outcome.hasError()) {
                    builder.failWith(outcome.asError(publicKeyService));
                    return;
                }
            }
            verifyChecksums(checksumService, file, entry, builder);
            return;
        }
    }
    if (signature != null) {
        // The artifact has no explicit metadata entry, but its signature can still be checked.
        // No per-artifact trusted or ignored keys exist on this path, hence the empty sets.
        DefaultSignatureVerificationResultBuilder outcome = new DefaultSignatureVerificationResultBuilder(file, signature);
        verifySignature(signatureVerificationService, file, signature, allTrustedKeys(foundArtifact, Collections.emptySet()), allIgnoredKeys(Collections.emptySet()), outcome);
        if (outcome.hasError()) {
            builder.failWith(outcome.asError(publicKeyService));
            return;
        }
        if (!outcome.hasOnlyIgnoredKeys()) {
            // Signature accepted on its own; no checksum is required for an unlisted artifact.
            return;
        }
    }
    // Neither a usable signature nor declared checksums: nothing vouches for this file.
    builder.failWith(new MissingChecksums(file));
}
use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class WriteDependencyVerificationFile method exportKeyRingCollection.
/**
 * Writes the build's key ring files, merging the key rings already stored there with the
 * key rings looked up for {@code publicKeys}.
 *
 * <p>Each entry of {@code publicKeys} is a hexadecimal string. Entries of at most 16 characters
 * are parsed as a 64-bit long key id; longer entries are parsed as a full fingerprint.
 * A looked-up ring is appended only if it passes {@code hasAtLeastOnePublicKey} and no existing
 * ring has the same {@code keyIds}. Existing rings are always kept and come first in the output.
 *
 * <p>NOTE(review): a 64-bit key id identifies a key far less strongly than a full fingerprint,
 * so for short entries the exported ring is whatever the key service returns for that id.
 * Prefer full fingerprints in the verification metadata where possible, and review the
 * exported key ring before trusting it.
 *
 * @param publicKeyService service used to resolve key ids and fingerprints to key rings
 * @param keyrings provides the existing key rings and the binary and ASCII-armored target files
 * @param publicKeys hexadecimal key ids or fingerprints to export
 * @throws IOException declared for the key ring read and write helpers
 */
private void exportKeyRingCollection(PublicKeyService publicKeyService, BuildTreeDefinedKeys keyrings, Set<String> publicKeys) throws IOException {
    List<PGPPublicKeyRing> alreadyExported = loadExistingKeyRing(keyrings);
    PGPPublicKeyRingListBuilder collected = new PGPPublicKeyRingListBuilder();
    for (String keyRef : publicKeys) {
        if (keyRef.length() > 16) {
            // Longer than a 64-bit id in hex: treat as a fingerprint.
            publicKeyService.findByFingerprint(Fingerprint.fromString(keyRef).getBytes(), collected);
        } else {
            publicKeyService.findByLongId(new BigInteger(keyRef, 16).longValue(), collected);
        }
    }
    // Keep only rings that carry a public key and are not already in the existing key ring file.
    List<PGPPublicKeyRing> newlySeen = collected.build()
        .stream()
        .filter(WriteDependencyVerificationFile::hasAtLeastOnePublicKey)
        .filter(candidate -> alreadyExported.stream().noneMatch(known -> keyIds(known).equals(keyIds(candidate))))
        .collect(Collectors.toList());
    ImmutableList.Builder<PGPPublicKeyRing> merged = ImmutableList.builder();
    merged.addAll(alreadyExported);
    merged.addAll(newlySeen);
    ImmutableList<PGPPublicKeyRing> allKeyRings = merged.build();
    File binaryTarget = keyrings.getBinaryKeyringsFile();
    writeBinaryKeyringFile(binaryTarget, allKeyRings);
    File armoredTarget = keyrings.getAsciiKeyringsFile();
    writeAsciiArmoredKeyRingFile(armoredTarget, allKeyRings);
    LOGGER.lifecycle("Exported {} keys to {} and {}", allKeyRings.size(), binaryTarget, armoredTarget);
}
use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class DefaultSignatureVerificationServiceFactory method create.
/**
 * Builds the {@link SignatureVerificationService} for a build.
 *
 * <p>With key servers enabled, keys are looked up through a {@code PublicKeyDownloadService}
 * wrapped in a {@code CrossBuildCachingKeyService}; with key servers disabled, the starting
 * point is {@code EmptyPublicKeyService}. In both cases the result is passed through
 * {@code keyrings.applyTo(...)}, which presumably layers the build's local key rings on top
 * (confirm in {@code BuildTreeDefinedKeys}).
 *
 * <p>The effective refresh flag is {@code this.refreshKeys || !useKeyServers}, so it is always
 * {@code true} when key servers are disabled.
 *
 * <p>The hash of the effective key ring file (or {@code NO_KEYRING_FILE_HASH} when the file is
 * absent) is handed to {@code CrossBuildSignatureVerificationService}; presumably it keys the
 * cross-build cache so that results are not reused after the key ring changes (confirm there).
 *
 * <p>NOTE(review): the last argument to {@code createTransport} is a callback that does nothing
 * with the redirect locations it receives. Confirm that redirect handling for key server
 * requests is validated elsewhere.
 *
 * @param keyrings the key ring files defined for the build tree
 * @param keyServers key server URIs, used only when {@code useKeyServers} is {@code true}
 * @param useKeyServers whether keys may be fetched from key servers
 * @return the signature verification service
 */
@Override
public SignatureVerificationService create(BuildTreeDefinedKeys keyrings, List<URI> keyServers, boolean useKeyServers) {
    boolean effectiveRefresh = this.refreshKeys || !useKeyServers;
    ExternalResourceRepository repository = transportFactory
        .createTransport("https", "https", Collections.emptyList(), ignoredRedirects -> {
        })
        .getRepository();
    PublicKeyService lookup;
    if (!useKeyServers) {
        // No remote lookups: only what keyrings.applyTo adds below can supply keys.
        lookup = EmptyPublicKeyService.getInstance();
    } else {
        PublicKeyDownloadService downloader = new PublicKeyDownloadService(ImmutableList.copyOf(keyServers), repository);
        lookup = new CrossBuildCachingKeyService(cacheRepository, decoratorFactory, buildOperationExecutor, downloader, timeProvider, effectiveRefresh);
    }
    PublicKeyService keyService = keyrings.applyTo(lookup);
    File keyringFile = keyrings.getEffectiveKeyringsFile();
    HashCode keyringFileHash;
    if (keyringFile != null && keyringFile.exists()) {
        keyringFileHash = fileHasher.hash(keyringFile);
    } else {
        keyringFileHash = NO_KEYRING_FILE_HASH;
    }
    DefaultSignatureVerificationService delegate = new DefaultSignatureVerificationService(keyService);
    return new CrossBuildSignatureVerificationService(delegate, fileHasher, buildScopedCache, decoratorFactory, timeProvider, effectiveRefresh, useKeyServers, keyringFileHash);
}