upstream: b=main,r=4bf46a3f54a7d505d61823cfc5f90dfe208bc664,t=2024-05…

…-10-1242-41541

assemblies/nexus-base-overlay/src/main/resources/overlay/bin/nexus

@@ -567,8 +567,8 @@ run() {
                 launch "${JAVA}" ${JAVA_OPTS} \
                     --add-reads=java.xml=java.logging \
                     --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED \
-                    --patch-module java.base=${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.4.2.jar \
-                    --patch-module java.xml=${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.4.2.jar \
+                    --patch-module java.base=${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.locator-4.3.9.jar \
+                    --patch-module java.xml=${KARAF_HOME}/lib/endorsed/org.apache.karaf.specs.java.xml-4.3.9.jar \
                     --add-opens java.base/java.security=ALL-UNNAMED \
                     --add-opens java.base/java.net=ALL-UNNAMED \
                     --add-opens java.base/java.lang=ALL-UNNAMED \

assemblies/nexus-base-overlay/src/main/resources/overlay/bin/nexus.bat

@@ -363,8 +363,8 @@ if "%KARAF_PROFILER%" == "" goto :RUN
             "%JAVA%" %JAVA_OPTS% %OPTS% ^
                 --add-reads=java.xml=java.logging ^
                 --add-exports=java.base/org.apache.karaf.specs.locator=java.xml,ALL-UNNAMED ^
-                --patch-module java.base=%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.4.2.jar ^
-                --patch-module java.xml=%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.4.2.jar ^
+                --patch-module java.base=%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.locator-4.3.9.jar ^
+                --patch-module java.xml=%KARAF_HOME%\lib\endorsed\org.apache.karaf.specs.java.xml-4.3.9.jar ^
                 --add-opens java.base/java.security=ALL-UNNAMED ^
                 --add-opens java.base/java.net=ALL-UNNAMED ^
                 --add-opens java.base/java.lang=ALL-UNNAMED ^

assemblies/nexus-base-overlay/src/main/resources/overlay/etc/karaf/config.properties

@@ -31,8 +31,8 @@ karaf.framework=felix
 #
 # Location of the OSGi frameworks
 #
-karaf.framework.equinox=mvn\:org.eclipse.platform/org.eclipse.osgi/3.18.0
-karaf.framework.felix=mvn\:org.apache.felix/org.apache.felix.framework/7.0.5
+karaf.framework.equinox=mvn\:org.eclipse.platform/org.eclipse.osgi/3.16.300
+karaf.framework.felix=mvn\:org.apache.felix/org.apache.felix.framework/6.0.5
 
 #
 # Framework config properties.
@@ -41,8 +41,8 @@ org.osgi.framework.system.packages= \
  org.osgi.dto;version="1.1",\
  org.osgi.resource;version="1.0",\
  org.osgi.resource.dto;version="1.0";uses:="org.osgi.dto",\
- org.osgi.framework;version="1.10",\
- org.osgi.framework.dto;version="1.10";uses:="org.osgi.dto",\
+ org.osgi.framework;version="1.9",\
+ org.osgi.framework.dto;version="1.9";uses:="org.osgi.dto",\
  org.osgi.framework.hooks.bundle;version="1.1";uses:="org.osgi.framework",\
  org.osgi.framework.hooks.resolver;version="1.0";uses:="org.osgi.framework.wiring",\
  org.osgi.framework.hooks.service;version="1.1";uses:="org.osgi.framework",\
@@ -59,12 +59,12 @@ org.osgi.framework.system.packages= \
  org.osgi.service.startlevel;version="1.1";uses:="org.osgi.framework",\
  org.osgi.service.url;version="1.0",\
  org.osgi.util.tracker;version="1.5.2";uses:="org.osgi.framework",\
- org.apache.karaf.version;version="4.4.2",\
- org.apache.karaf.diagnostic.core;uses:=org.osgi.framework;version="4.4.2",\
- org.apache.karaf.diagnostic.core.common;uses:=org.apache.karaf.diagnostic.core;version="4.4.2",\
- org.apache.karaf.jaas.boot.principal;uses:=javax.security.auth;version="4.4.2",\
- org.apache.karaf.jaas.boot;uses:="javax.security.auth,javax.security.auth.callback,javax.security.auth.login,javax.security.auth.spi,org.osgi.framework";version="4.4.2",\
- org.apache.karaf.info;version="4.4.2",\
+ org.apache.karaf.version;version="4.3.9",\
+ org.apache.karaf.diagnostic.core;uses:=org.osgi.framework;version="4.3.9",\
+ org.apache.karaf.diagnostic.core.common;uses:=org.apache.karaf.diagnostic.core;version="4.3.9",\
+ org.apache.karaf.jaas.boot.principal;uses:=javax.security.auth;version="4.3.9",\
+ org.apache.karaf.jaas.boot;uses:="javax.security.auth,javax.security.auth.callback,javax.security.auth.login,javax.security.auth.spi,org.osgi.framework";version="4.3.9",\
+ org.apache.karaf.info;version="4.3.9",\
  ${jre-${java.specification.version}}
 
 #

components/nexus-blobstore-file/src/test/java/org/sonatype/nexus/blobstore/file/FileBlobStoreTest.java

@@ -48,6 +48,7 @@
 import com.squareup.tape.QueueFile;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
@@ -330,6 +331,7 @@ public void testDoCompact_clearsDirectPathEmptyDirectories() throws Exception {
     assertThat(subdir2.toFile().exists(), is(false));
   }
 
+  @Ignore("NEXUS-40608")
   @Test
   public void testDeleteBlobTempFiles() throws Exception {
     underTest.doStart();

components/nexus-common/src/main/java/org/sonatype/nexus/common/app/FeatureFlags.java

@@ -115,6 +115,8 @@ public interface FeatureFlags
   String CLEANUP_USE_SQL = "nexus.cleanup.useSQL";
 
   String FORMAT_RETAIN_PATTERN = "nexus.cleanup.{format}Retain";
+
+  String DISABLE_NORMALIZE_VERSION_TASK = "nexus.cleanup.disableNormalizeVersionTask";
 
   String FIREWALL_QUARANTINE_FIX_ENABLED = "nexus.firewall.quarantineFix.enabled";
 

components/nexus-common/src/main/java/org/sonatype/nexus/common/app/ManagedLifecycle.java

@@ -26,7 +26,7 @@
 {
   enum Phase
   {
-    OFF, KERNEL, STORAGE, RESTORE, UPGRADE, SCHEMAS, EVENTS, SECURITY, SERVICES, CAPABILITIES, TASKS
+    OFF, KERNEL, STORAGE, RESTORE, UPGRADE, SCHEMAS, EVENTS, SECURITY, SERVICES, REPOSITORIES, CAPABILITIES, TASKS
   }
 
   Phase phase();

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/ApiKeyDAO.java

@@ -105,4 +105,22 @@ public interface ApiKeyDAO
    * @param expiration the date of expiration
    */
   void deleteApiKeyByExpirationDate(@Param("expiration") OffsetDateTime expiration);
+
+  /**
+   * Updates an existing {@link ApiKey}
+   */
+  void update(ApiKeyData toUpdate);
+
+  /**
+   * Browse all API Keys in the specified domain (paginated)
+   *
+   * @param domain the domain, e.g. npm keys, nuget keys
+   * @param skip   the amount of records to skip/offset
+   * @param limit  the amount of records to limit the query to
+   */
+  Collection<ApiKey> browsePaginated(
+      @Param("domain") String domain,
+      @Param("skip") int skip,
+      @Param("limit") int limit);
+
 }

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/ApiKeyData.java

@@ -18,6 +18,8 @@
 
 import org.apache.shiro.subject.PrincipalCollection;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * {@link ApiKey} data.
  *
@@ -34,10 +36,21 @@ public class ApiKeyData
 
   private OffsetDateTime created;
 
+  ApiKeyData() { }
+
+  ApiKeyData(String domain, PrincipalCollection principals, ApiKeyToken token, OffsetDateTime created) {
+    this.domain = checkNotNull(domain);
+    this.principals = checkNotNull(principals);
+    this.token = checkNotNull(token);
+    this.created = created;
+  }
+
+  @Override
   public void setDomain(final String domain) {
     this.domain = domain;
   }
 
+  @Override
   public void setPrincipals(final PrincipalCollection principals) {
     this.principals = principals;
   }
@@ -46,6 +59,7 @@ public void setToken(final ApiKeyToken token) {
     this.token = token;
   }
 
+  @Override
   public void setApiKey(final char[] chars) {
     this.token = new ApiKeyToken(chars);
   }
@@ -55,10 +69,6 @@ public String getDomain() {
     return domain;
   }
 
-  public String getPrimaryPrincipal() {
-    return String.valueOf(principals.getPrimaryPrincipal());
-  }
-
   @Override
   public PrincipalCollection getPrincipals() {
     return principals;
@@ -78,6 +88,7 @@ public OffsetDateTime getCreated() {
     return created;
   }
 
+  @Override
   public void setCreated(final OffsetDateTime created) {
     this.created = created;
   }

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/ApiKeyStoreImpl.java

@@ -78,6 +78,15 @@ public ApiKeyStoreImpl(
     this.defaultApiKeyFactory = checkNotNull(defaultApiKeyFactory);
   }
 
+  public ApiKey newApiKey(
+      final String domain,
+      final PrincipalCollection principals,
+      char[] apiKey,
+      OffsetDateTime created)
+  {
+    return new ApiKeyData(domain, principals, new ApiKeyToken(apiKey), created);
+  }
+
   @Override
   public char[] createApiKey(final String domain, final PrincipalCollection principals) {
     final char[] apiKey = makeApiKey(domain, principals);
@@ -218,6 +227,22 @@ public void deleteApiKeys(final OffsetDateTime expiration) {
     dao().deleteApiKeyByExpirationDate(expiration);
   }
 
+  @Transactional
+  @Override
+  public void updateApiKey(final ApiKey from, final ApiKey to) {
+    ApiKeyData fromApiKey = (ApiKeyData) from;
+    fromApiKey.setApiKey(to.getApiKey());
+    fromApiKey.setPrincipals(to.getPrincipals());
+    fromApiKey.setCreated(to.getCreated());
+    dao().update(fromApiKey);
+  }
+
+  @Transactional
+  @Override
+  public Collection<ApiKey> browsePaginated(final String domain, final int page, final int pageSize) {
+    return dao().browsePaginated(domain, (page - 1) * pageSize, pageSize);
+  }
+
   /*
    * Finds ApiKey records for the provided username, and ensures the realm is the same
    */

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/ApiKeyToken.java

@@ -14,6 +14,7 @@
 
 import java.nio.CharBuffer;
 
+import org.sonatype.nexus.security.authc.apikey.ApiKey;
 import org.sonatype.nexus.datastore.mybatis.handlers.PasswordCharacterArrayTypeHandler;
 
 /**

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/orient/OrientApiKey.java

@@ -20,6 +20,8 @@
 
 import org.apache.shiro.subject.PrincipalCollection;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * An Orient-stored object representing the association between a {@link PrincipalCollection} and a Api Key (char[]).
  *
@@ -37,18 +39,31 @@ public class OrientApiKey
 
   private OffsetDateTime created;
 
-  OrientApiKey() {
-    // package-private constructor
+  OrientApiKey() { }
+
+  OrientApiKey(
+      final String domain,
+      final PrincipalCollection principals,
+      final char[] apiKey,
+      final OffsetDateTime created)
+  {
+    this.domain = checkNotNull(domain);
+    this.principals = checkNotNull(principals);
+    this.apiKey = checkNotNull(apiKey);
+    this.created = created;
   }
 
+  @Override
   public void setDomain(final String domain) {
     this.domain = domain;
   }
 
+  @Override
   public void setPrincipals(final PrincipalCollection principals) {
     this.principals = principals;
   }
 
+  @Override
   public void setApiKey(final char[] apiKey) {
     this.apiKey = Arrays.copyOf(apiKey, apiKey.length);
   }
@@ -73,6 +88,7 @@ public OffsetDateTime getCreated() {
     return created;
   }
 
+  @Override
   public void setCreated(final OffsetDateTime created) {
     this.created = created;
   }

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/orient/OrientApiKeyEntityAdapter.java

@@ -25,7 +25,6 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
-
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -93,6 +92,12 @@ public class OrientApiKeyEntityAdapter
   private static final String DOMAIN_QUERY_STRING = format(
       "SELECT FROM %s WHERE %s = :domain ORDER BY %s", DB_CLASS, P_DOMAIN, P_CREATED);
 
+  private static final String DOMAIN_PAGINATED_QUERY_STRING = format(
+      "SELECT FROM %s WHERE %s = :domain ORDER BY %s SKIP :skip LIMIT :limit",
+      DB_CLASS,
+      P_DOMAIN,
+      P_CREATED);
+
   private static final String PRINCIPAL_QUERY_STRING = format(
       "SELECT FROM %s WHERE %s = :primary_principal ORDER BY %s", DB_CLASS, P_PRIMARY_PRINCIPAL, P_CREATED);
 
@@ -237,6 +242,20 @@ public Iterable<OrientApiKey> browseByDomain(final ODatabaseDocumentTx db, final
     return query(db, DOMAIN_QUERY_STRING, params);
   }
 
+  /**
+   * Browse all keys in the specified domain (paginated)
+   */
+  public Iterable<OrientApiKey> browseByDomainPaginated(
+      final ODatabaseDocumentTx db,
+      final String domain,
+      final int skip,
+      final int limit)
+  {
+    Map<String, Object> params = ImmutableMap.of(P_DOMAIN, domain, "skip", skip, "limit", limit);
+
+    return query(db, DOMAIN_PAGINATED_QUERY_STRING, params);
+  }
+
   public int countByDomainI(final ODatabaseDocumentTx db, final String domain) {
     Map<String, Object> params = ImmutableMap.of(P_DOMAIN, domain);
 

components/nexus-core/src/main/java/org/sonatype/nexus/internal/security/apikey/orient/OrientApiKeyStore.java

@@ -103,6 +103,15 @@ protected void doStart() throws Exception {
     }
   }
 
+  public ApiKey newApiKey(
+      final String domain,
+      final PrincipalCollection principals,
+      char[] apiKey,
+      OffsetDateTime created)
+  {
+    return new OrientApiKey(domain, principals, apiKey, created);
+  }
+
   @Override
   @Guarded(by = STARTED)
   public char[] createApiKey(final String domain, final PrincipalCollection principals) {
@@ -291,6 +300,24 @@ public void deleteApiKeys(final OffsetDateTime expiration) {
     });
   }
 
+  @Override
+  public void updateApiKey(final ApiKey from, final ApiKey to) {
+    OrientApiKey fromApiKey = (OrientApiKey) from;
+    fromApiKey.setApiKey(to.getApiKey());
+    fromApiKey.setPrincipals(to.getPrincipals());
+    fromApiKey.setCreated(to.getCreated());
+    inTx(databaseInstance).run(db -> entityAdapter.editEntity(db, fromApiKey));
+  }
+
+  @Override
+  public Collection<ApiKey> browsePaginated(final String domain, final int page, final int pageSize) {
+    Iterable<OrientApiKey> keys = inTx(databaseInstance)
+        .retryOn(ONeedRetryException.class, ORecordNotFoundException.class)
+        .call(db -> entityAdapter.browseByDomainPaginated(db, domain, (page - 1) * pageSize, pageSize));
+
+    return convert(keys);
+  }
+
   private static Collection<ApiKey> convert(final Iterable<OrientApiKey> keys) {
     return StreamSupport.stream(keys.spliterator(), false)
         .map(ApiKey.class::cast)
@@ -301,4 +328,4 @@ private boolean principalsEqual(final PrincipalCollection a, final PrincipalColl
     return Objects.equals(a.getPrimaryPrincipal(), b.getPrimaryPrincipal()) &&
         Objects.equals(a.getRealmNames(), b.getRealmNames());
   }
-}
+}