Example 1 with PublicKeyService
use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class DependencyVerifier method doVerifyArtifact.
private void doVerifyArtifact(ModuleComponentArtifactIdentifier foundArtifact, ChecksumService checksumService, SignatureVerificationService signatureVerificationService, File file, File signature, ArtifactVerificationResultBuilder builder) {
PublicKeyService publicKeyService = signatureVerificationService.getPublicKeyService();
ComponentVerificationMetadata componentVerification = verificationMetadata.get(toStringKey(foundArtifact.getComponentIdentifier()));
if (componentVerification != null) {
String foundArtifactFileName = foundArtifact.getFileName();
List<ArtifactVerificationMetadata> verifications = componentVerification.getArtifactVerifications();
for (ArtifactVerificationMetadata verification : verifications) {
String verifiedArtifact = verification.getArtifactName();
if (verifiedArtifact.equals(foundArtifactFileName)) {
if (signature == null && config.isVerifySignatures()) {
builder.failWith(new MissingSignature(file));
}
if (signature != null) {
DefaultSignatureVerificationResultBuilder result = new DefaultSignatureVerificationResultBuilder(file, signature);
verifySignature(signatureVerificationService, file, signature, allTrustedKeys(foundArtifact, verification.getTrustedPgpKeys()), allIgnoredKeys(verification.getIgnoredPgpKeys()), result);
if (result.hasOnlyIgnoredKeys()) {
builder.failWith(new OnlyIgnoredKeys(file));
if (verification.getChecksums().isEmpty()) {
builder.failWith(new MissingChecksums(file));
return;
} else {
verifyChecksums(checksumService, file, verification, builder);
return;
}
}
if (result.hasError()) {
builder.failWith(result.asError(publicKeyService));
return;
}
}
verifyChecksums(checksumService, file, verification, builder);
return;
}
}
}
if (signature != null) {
// it's possible that the artifact is not listed explicitly but we can still verify signatures
DefaultSignatureVerificationResultBuilder result = new DefaultSignatureVerificationResultBuilder(file, signature);
verifySignature(signatureVerificationService, file, signature, allTrustedKeys(foundArtifact, Collections.emptySet()), allIgnoredKeys(Collections.emptySet()), result);
if (result.hasError()) {
builder.failWith(result.asError(publicKeyService));
return;
} else if (!result.hasOnlyIgnoredKeys()) {
return;
}
}
builder.failWith(new MissingChecksums(file));
}
Also used :
ArtifactVerificationMetadata(org.gradle.api.internal.artifacts.verification.model.ArtifactVerificationMetadata)
PublicKeyService(org.gradle.security.internal.PublicKeyService)
ComponentVerificationMetadata(org.gradle.api.internal.artifacts.verification.model.ComponentVerificationMetadata)
Example 2 with PublicKeyService
use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class WriteDependencyVerificationFile method exportKeyRingCollection.
private void exportKeyRingCollection(PublicKeyService publicKeyService, BuildTreeDefinedKeys keyrings, Set<String> publicKeys) throws IOException {
List<PGPPublicKeyRing> existingRings = loadExistingKeyRing(keyrings);
PGPPublicKeyRingListBuilder builder = new PGPPublicKeyRingListBuilder();
for (String publicKey : publicKeys) {
if (publicKey.length() <= 16) {
publicKeyService.findByLongId(new BigInteger(publicKey, 16).longValue(), builder);
} else {
publicKeyService.findByFingerprint(Fingerprint.fromString(publicKey).getBytes(), builder);
}
}
List<PGPPublicKeyRing> keysSeenInVerifier = builder.build().stream().filter(WriteDependencyVerificationFile::hasAtLeastOnePublicKey).filter(e -> existingRings.stream().noneMatch(ring -> keyIds(ring).equals(keyIds(e)))).collect(Collectors.toList());
ImmutableList<PGPPublicKeyRing> allKeyRings = ImmutableList.<PGPPublicKeyRing>builder().addAll(existingRings).addAll(keysSeenInVerifier).build();
File keyringFile = keyrings.getBinaryKeyringsFile();
writeBinaryKeyringFile(keyringFile, allKeyRings);
File asciiArmoredFile = keyrings.getAsciiKeyringsFile();
writeAsciiArmoredKeyRingFile(asciiArmoredFile, allKeyRings);
LOGGER.lifecycle("Exported {} keys to {} and {}", allKeyRings.size(), keyringFile, asciiArmoredFile);
}
Also used :
DependencyVerificationOverride(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DependencyVerificationOverride)
SignatureVerificationResultBuilder(org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder)
ChecksumService(org.gradle.internal.hash.ChecksumService)
UncheckedException(org.gradle.internal.UncheckedException)
PublicKeyService(org.gradle.security.internal.PublicKeyService)
ModuleComponentRepository(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.ModuleComponentRepository)
ProjectInternal(org.gradle.api.internal.project.ProjectInternal)
DependencyVerificationException(org.gradle.api.internal.artifacts.verification.DependencyVerificationException)
PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing)
BigInteger(java.math.BigInteger)
ChecksumKind(org.gradle.api.internal.artifacts.verification.model.ChecksumKind)
ImmutableSet(com.google.common.collect.ImmutableSet)
Project(org.gradle.api.Project)
Files.getNameWithoutExtension(com.google.common.io.Files.getNameWithoutExtension)
DependencyVerificationsXmlReader(org.gradle.api.internal.artifacts.verification.serializer.DependencyVerificationsXmlReader)
SignatureVerificationServiceFactory(org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationServiceFactory)
DependencyVerifier(org.gradle.api.internal.artifacts.verification.verifier.DependencyVerifier)
Set(java.util.Set)
PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey)
IgnoredKey(org.gradle.api.internal.artifacts.verification.model.IgnoredKey)
BuildOperationDescriptor(org.gradle.internal.operations.BuildOperationDescriptor)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
Gradle(org.gradle.api.invocation.Gradle)
FileNotFoundException(java.io.FileNotFoundException)
StandardCharsets(java.nio.charset.StandardCharsets)
ArtifactView(org.gradle.api.artifacts.ArtifactView)
List(java.util.List)
Stream(java.util.stream.Stream)
BuildOperationExecutor(org.gradle.internal.operations.BuildOperationExecutor)
DefaultKeyServers(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DefaultKeyServers)
Factory(org.gradle.internal.Factory)
DeprecatableConfiguration(org.gradle.internal.deprecation.DeprecatableConfiguration)
DependencyVerifyingModuleComponentRepository(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.DependencyVerifyingModuleComponentRepository)
DependencyVerificationConfiguration(org.gradle.api.internal.artifacts.verification.verifier.DependencyVerificationConfiguration)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
UncheckedIOException(org.gradle.api.UncheckedIOException)
Logger(org.gradle.api.logging.Logger)
BuildOperationQueue(org.gradle.internal.operations.BuildOperationQueue)
Configuration(org.gradle.api.artifacts.Configuration)
ArtifactVerificationOperation(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.ArtifactVerificationOperation)
RunnableBuildOperation(org.gradle.internal.operations.RunnableBuildOperation)
ImmutableList(com.google.common.collect.ImmutableList)
BuildTreeDefinedKeys(org.gradle.api.internal.artifacts.verification.signatures.BuildTreeDefinedKeys)
DependencyVerificationsXmlWriter(org.gradle.api.internal.artifacts.verification.serializer.DependencyVerificationsXmlWriter)
Fingerprint(org.gradle.security.internal.Fingerprint)
OutputStream(java.io.OutputStream)
PublicKeyResultBuilder(org.gradle.security.internal.PublicKeyResultBuilder)
Action(org.gradle.api.Action)
Iterator(java.util.Iterator)
SignatureVerificationService(org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService)
DependencyVerifierBuilder(org.gradle.api.internal.artifacts.verification.verifier.DependencyVerifierBuilder)
FileOutputStream(java.io.FileOutputStream)
IOException(java.io.IOException)
FileInputStream(java.io.FileInputStream)
File(java.io.File)
ModuleComponentIdentifier(org.gradle.api.artifacts.component.ModuleComponentIdentifier)
ResolutionStrategyInternal(org.gradle.api.internal.artifacts.configurations.ResolutionStrategyInternal)
ArmoredOutputStream(org.bouncycastle.bcpg.ArmoredOutputStream)
Logging(org.gradle.api.logging.Logging)
SecuritySupport(org.gradle.security.internal.SecuritySupport)
ModuleComponentArtifactIdentifier(org.gradle.internal.component.external.model.ModuleComponentArtifactIdentifier)
BuildOperationContext(org.gradle.internal.operations.BuildOperationContext)
PGPUtils(org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.utils.PGPUtils)
Collections(java.util.Collections)
PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing)
BigInteger(java.math.BigInteger)
File(java.io.File)
Example 3 with PublicKeyService
use of org.gradle.security.internal.PublicKeyService in project gradle by gradle.
the class DefaultSignatureVerificationServiceFactory method create.
@Override
public SignatureVerificationService create(BuildTreeDefinedKeys keyrings, List<URI> keyServers, boolean useKeyServers) {
boolean refreshKeys = this.refreshKeys || !useKeyServers;
ExternalResourceRepository repository = transportFactory.createTransport("https", "https", Collections.emptyList(), redirectLocations -> {
}).getRepository();
PublicKeyService keyService;
if (useKeyServers) {
PublicKeyDownloadService keyDownloadService = new PublicKeyDownloadService(ImmutableList.copyOf(keyServers), repository);
keyService = new CrossBuildCachingKeyService(cacheRepository, decoratorFactory, buildOperationExecutor, keyDownloadService, timeProvider, refreshKeys);
} else {
keyService = EmptyPublicKeyService.getInstance();
}
keyService = keyrings.applyTo(keyService);
File effectiveKeyringsFile = keyrings.getEffectiveKeyringsFile();
HashCode keyringFileHash = effectiveKeyringsFile != null && effectiveKeyringsFile.exists() ? fileHasher.hash(effectiveKeyringsFile) : NO_KEYRING_FILE_HASH;
DefaultSignatureVerificationService delegate = new DefaultSignatureVerificationService(keyService);
return new CrossBuildSignatureVerificationService(delegate, fileHasher, buildScopedCache, decoratorFactory, timeProvider, refreshKeys, useKeyServers, keyringFileHash);
}
Also used :
Hashing(org.gradle.internal.hash.Hashing)
BuildCommencedTimeProvider(org.gradle.util.internal.BuildCommencedTimeProvider)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
FileHasher(org.gradle.internal.hash.FileHasher)
UncheckedException(org.gradle.internal.UncheckedException)
ImmutableList(com.google.common.collect.ImmutableList)
PublicKeyService(org.gradle.security.internal.PublicKeyService)
BuildScopedCache(org.gradle.cache.scopes.BuildScopedCache)
PGPPublicKeyRing(org.bouncycastle.openpgp.PGPPublicKeyRing)
InMemoryCacheDecoratorFactory(org.gradle.cache.internal.InMemoryCacheDecoratorFactory)
PublicKeyDownloadService(org.gradle.security.internal.PublicKeyDownloadService)
URI(java.net.URI)
Fingerprint(org.gradle.security.internal.Fingerprint)
PGPException(org.bouncycastle.openpgp.PGPException)
RepositoryTransportFactory(org.gradle.api.internal.artifacts.repositories.transport.RepositoryTransportFactory)
Scopes(org.gradle.internal.service.scopes.Scopes)
PGPSignatureList(org.bouncycastle.openpgp.PGPSignatureList)
PublicKeyResultBuilder(org.gradle.security.internal.PublicKeyResultBuilder)
SecuritySupport.toLongIdHexString(org.gradle.security.internal.SecuritySupport.toLongIdHexString)
ExternalResourceRepository(org.gradle.internal.resource.ExternalResourceRepository)
PGPSignature(org.bouncycastle.openpgp.PGPSignature)
Set(java.util.Set)
PGPPublicKey(org.bouncycastle.openpgp.PGPPublicKey)
IOException(java.io.IOException)
ServiceScope(org.gradle.internal.service.scopes.ServiceScope)
HashCode(org.gradle.internal.hash.HashCode)
File(java.io.File)
UncheckedIOException(java.io.UncheckedIOException)
List(java.util.List)
BuildOperationExecutor(org.gradle.internal.operations.BuildOperationExecutor)
SecuritySupport(org.gradle.security.internal.SecuritySupport)
GlobalScopedCache(org.gradle.cache.scopes.GlobalScopedCache)
EmptyPublicKeyService(org.gradle.security.internal.EmptyPublicKeyService)
Collections(java.util.Collections)
HashCode(org.gradle.internal.hash.HashCode)
PublicKeyService(org.gradle.security.internal.PublicKeyService)
EmptyPublicKeyService(org.gradle.security.internal.EmptyPublicKeyService)
PublicKeyDownloadService(org.gradle.security.internal.PublicKeyDownloadService)
File(java.io.File)
ExternalResourceRepository(org.gradle.internal.resource.ExternalResourceRepository)
Aggregations
PublicKeyService (org.gradle.security.internal.PublicKeyService)3
ImmutableList (com.google.common.collect.ImmutableList)2
File (java.io.File)2
IOException (java.io.IOException)2
Collections (java.util.Collections)2
List (java.util.List)2
Set (java.util.Set)2
PGPPublicKey (org.bouncycastle.openpgp.PGPPublicKey)2
PGPPublicKeyRing (org.bouncycastle.openpgp.PGPPublicKeyRing)2
UncheckedException (org.gradle.internal.UncheckedException)2
BuildOperationExecutor (org.gradle.internal.operations.BuildOperationExecutor)2
Fingerprint (org.gradle.security.internal.Fingerprint)2
PublicKeyResultBuilder (org.gradle.security.internal.PublicKeyResultBuilder)2
SecuritySupport (org.gradle.security.internal.SecuritySupport)2
ImmutableSet (com.google.common.collect.ImmutableSet)1
Sets (com.google.common.collect.Sets)1
Files.getNameWithoutExtension (com.google.common.io.Files.getNameWithoutExtension)1
FileInputStream (java.io.FileInputStream)1
FileNotFoundException (java.io.FileNotFoundException)1
FileOutputStream (java.io.FileOutputStream)1
