Merge pull request #302 from Yubico/conditional-publish

Apply publishing settings conditionally

Author: emlun

build.gradle

@@ -4,11 +4,14 @@ buildscript {
   }
   dependencies {
     classpath 'com.cinnober.gradle:semver-git:2.5.0'
+
+    if (project.findProperty('yubicoPublish') == 'true') {
+      classpath 'io.github.gradle-nexus:publish-plugin:1.3.0'
+    }
   }
 }
 plugins {
   id 'java-platform'
-  id 'io.github.gradle-nexus.publish-plugin' version '1.3.0'
 
   // The root project has no sources, but the dependency platform also needs to be published as an artifact
   // See https://docs.gradle.org/current/userguide/java_platform_plugin.html
@@ -21,10 +24,7 @@ import com.yubico.gradle.GitUtils
 rootProject.description = "Metadata root for the com.yubico:webauthn-server-* module family"
 
 project.ext.isCiBuild = System.env.CI == 'true'
-
-project.ext.publishEnabled = !isCiBuild &&
-  project.hasProperty('yubicoPublish') && project.yubicoPublish &&
-  project.hasProperty('ossrhUsername') && project.hasProperty('ossrhPassword')
+project.ext.publishEnabled = !isCiBuild && project.findProperty('yubicoPublish') == 'true'
 
 wrapper {
   gradleVersion = '8.1.1'
@@ -65,6 +65,8 @@ allprojects {
 }
 
 if (publishEnabled) {
+  apply plugin: 'io.github.gradle-nexus.publish-plugin'
+
   nexusPublishing {
     repositories {
       sonatype {

buildSrc/src/main/groovy/project-convention-publish.gradle

@@ -49,8 +49,10 @@ project.afterEvaluate {
         }
     }
 
-    signing {
-        useGpgCmd()
-        sign(publishing.publications.jars)
+    if (project.findProperty("yubicoPublish") == "true") {
+        signing {
+            useGpgCmd()
+            sign(publishing.publications.jars)
+        }
     }
 }

doc/development.md

@@ -2,6 +2,20 @@ Developer docs
 ===
 
 
+Setup for publishing
+---
+
+To enable publishing to Maven Central via Sonatype Nexus, set
+`yubicoPublish=true` in `$HOME/.gradle/gradle.properties` and add your Sonatype
+username and password. Example:
+
+```properties
+yubicoPublish=true
+ossrhUsername=8pnmjKQP
+ossrhPassword=bmjuyWSIik8P3Nq/ZM2G0Xs0sHEKBg+4q4zTZ8JDDRCr
+```
+
+
 Code formatting
 ---
 

webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java

@@ -31,13 +31,11 @@
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
 import java.io.IOException;
-import java.math.BigInteger;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.RSAPublicKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -125,29 +123,17 @@ static PublicKey importCosePublicKey(ByteArray key)
     final int kty = cose.get(CBORObject.FromObject(1)).AsInt32();
     switch (kty) {
       case 1:
+        // COSE-JAVA is hardcoded to ed25519-java provider ("EdDSA") which would require an
+        // additional dependency to parse EdDSA keys via the OneKey constructor
         return importCoseEdDsaPublicKey(cose);
-      case 2:
-        return importCoseP256PublicKey(cose);
+      case 2: // Fall through
       case 3:
-        return importCoseRsaPublicKey(cose);
+        return new OneKey(cose).AsPublicKey();
       default:
         throw new IllegalArgumentException("Unsupported key type: " + kty);
     }
   }
 
-  private static PublicKey importCoseRsaPublicKey(CBORObject cose)
-      throws NoSuchAlgorithmException, InvalidKeySpecException {
-    RSAPublicKeySpec spec =
-        new RSAPublicKeySpec(
-            new BigInteger(1, cose.get(CBORObject.FromObject(-1)).GetByteString()),
-            new BigInteger(1, cose.get(CBORObject.FromObject(-2)).GetByteString()));
-    return KeyFactory.getInstance("RSA").generatePublic(spec);
-  }
-
-  private static ECPublicKey importCoseP256PublicKey(CBORObject cose) throws CoseException {
-    return (ECPublicKey) new OneKey(cose).AsPublicKey();
-  }
-
   private static PublicKey importCoseEdDsaPublicKey(CBORObject cose)
       throws InvalidKeySpecException, NoSuchAlgorithmException {
     final int curveId = cose.get(CBORObject.FromObject(-1)).AsInt32();