[MGPG-138] Drop direct use of plexus-cipher and secdispatcher (#115)
Use proper Maven 3 API instead.

---

https://issues.apache.org/jira/browse/MGPG-138
cstamas authored Sep 9, 2024
1 parent 7516e7c commit afdfd28
Showing 3 changed files with 49 additions and 50 deletions.
5 changes: 2 additions & 3 deletions pgp-keys-map.list
Expand Up @@ -28,8 +28,7 @@ org.opentest4j:opentest4j = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51
org.apache.maven.resolver = 0x29BEA2A645F2D6CED7FB12E02B172E3E156466E8
org.apache.maven.shared:maven-invoker = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1
org.apache.maven.shared:maven-shared-utils = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1
org.codehaus.plexus:plexus-cipher = 0x6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688
org.codehaus.plexus:plexus-classworlds = 0xB91AB7D2121DC6B0A61AA182D7742D58455ECC7C
org.codehaus.plexus:plexus-component-annotations = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A
org.codehaus.plexus:plexus-utils = 0xF254B35617DC255D9344BCFA873A8E86B4372146
org.codehaus.plexus:plexus-sec-dispatcher = 0x2BE13D052E9AA567D657D9791FD507154FB9BA39
org.codehaus.plexus:plexus-utils = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1
org.codehaus.plexus:plexus-xml = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1
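Review bot: `org.codehaus.plexus:plexus-utils` appears in this section with two different fingerprints (`0xF254B356…` and `0x84789D24…`), which reads as a change of the accepted signing key for that artifact, and the commit message does not mention it. Which of the two is the new value cannot be told from the markers left on this page. Replacing a key in a verification map is a trust decision, so it should leave a trace: state in the commit description where the new fingerprint was checked, or, if the map format accepts comment lines, add one such as `# plexus-utils: signer key changed together with the dependency version; fingerprint verified against the publisher's key`.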
40 changes: 16 additions & 24 deletions pom.xml
Expand Up @@ -69,6 +69,12 @@ under the License.
</properties>

<dependencies>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-plugin-api</artifactId>
Expand Down Expand Up @@ -105,6 +111,12 @@ under the License.
<version>${mavenVersion}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-settings-builder</artifactId>
<version>${mavenVersion}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.maven.resolver</groupId>
<artifactId>maven-resolver-api</artifactId>
Expand All @@ -126,7 +138,10 @@ under the License.
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.5.1</version>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-xml</artifactId>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
Expand All @@ -149,29 +164,6 @@ under the License.
<version>2.10.0</version>
<type>pom</type>
</dependency>
<!-- These two below must go in pair -->
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-sec-dispatcher</artifactId>
<version>2.0</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-cipher</artifactId>
<version>2.0</version>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.junit.jupiter</groupId>
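Review bot: The `plexus-utils` and `plexus-xml` entries in the third hunk appear to end up without a `<version>`, so the resolved versions would come from dependency management that this diff does not show (presumably the parent POM). Neither entry has a `<scope>`, so both ship on the plugin's own classpath, and a parent upgrade could change what a signing plugin bundles without any edit to this file. A short comment above the two entries would make that explicit, e.g. `<!-- versions managed by the parent POM; re-check pgp-keys-map.list when they change -->`.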
54 changes: 31 additions & 23 deletions src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java
Expand Up @@ -18,23 +18,23 @@
*/
package org.apache.maven.plugins.gpg;

import javax.inject.Inject;

import java.io.File;
import java.util.Collections;
import java.util.List;

import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
import org.apache.maven.settings.building.SettingsProblem;
import org.apache.maven.settings.crypto.DefaultSettingsDecryptionRequest;
import org.apache.maven.settings.crypto.SettingsDecrypter;
import org.apache.maven.settings.crypto.SettingsDecryptionResult;

/**
* @author Benjamin Bentmann
Expand Down Expand Up @@ -256,12 +256,6 @@ public abstract class AbstractGpgMojo extends AbstractMojo {
@Parameter(property = "gpg.signer", defaultValue = GpgSigner.NAME)
private String signer;

/**
* @since 3.0.0
*/
@Component
protected MavenSession session;

/**
* Switch to improve plugin enforcement of "best practices". If set to {@code false}, plugin retains all the
* backward compatibility regarding getting secrets (but will warn). If set to {@code true}, plugin will fail
Expand All @@ -285,14 +279,16 @@ public abstract class AbstractGpgMojo extends AbstractMojo {
protected Settings settings;

/**
* Maven Security Dispatcher.
*
* @since 1.6
* @deprecated Provides quasi-encryption, should be avoided.
* @since 3.0.0
*/
@Deprecated
private final SecDispatcher secDispatcher =
new DefaultSecDispatcher(new DefaultPlexusCipher(), Collections.emptyMap(), "~/.m2/settings-security.xml");
@Inject
protected MavenSession session;

/**
* @since 3.2.6
*/
@Inject
protected SettingsDecrypter settingsDecrypter;

@Override
public final void execute() throws MojoExecutionException, MojoFailureException {
Expand Down Expand Up @@ -415,11 +411,23 @@ private String loadGpgPassphrase() throws MojoFailureException {
Server server = settings.getServer(passphraseServerId);
if (server != null) {
if (isNotBlank(server.getPassphrase())) {
try {
return secDispatcher.decrypt(server.getPassphrase());
} catch (SecDispatcherException e) {
throw new MojoFailureException("Unable to decrypt gpg passphrase", e);
SettingsDecryptionResult result =
settingsDecrypter.decrypt(new DefaultSettingsDecryptionRequest(server));
for (SettingsProblem problem : result.getProblems()) {
switch (problem.getSeverity()) {
case WARNING:
case ERROR:
getLog().warn(problem.getMessage(), problem.getException());
break;
case FATAL:
getLog().error(problem.getMessage(), problem.getException());
throw new MojoFailureException(problem.getMessage(), problem.getException());
default:
throw new IllegalStateException("Unknown severity: "
+ problem.getSeverity().toString());
}
}
return result.getServer().getPassphrase();
}
}
}
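Review bot: In the `loadGpgPassphrase` hunk, `case ERROR:` shares the `WARNING` branch, so a problem of ERROR severity is only logged and the method still returns `result.getServer().getPassphrase()`. The code this replaces threw `MojoFailureException("Unable to decrypt gpg passphrase", e)` when decryption failed. If the decrypter reports a failed decryption as ERROR rather than FATAL (Maven's default implementation appears to), the still-encrypted value would be handed on as the passphrase and signing would fail later with a less clear message. Moving the label so the failing branch starts with `case ERROR:` then `case FATAL:` ahead of the `getLog().error(...)` and `throw new MojoFailureException(...)` lines keeps the old fail-fast behaviour. The body of `loadGpgPassphrase` starts and ends outside this hunk.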
