[MRESOLVER-301] Artifact generators (apache#432)

Artifact generators and one implementation: GnuPG Signer.

The "signer" generator is simple module for signing artifacts with GnuPG Signer.

---

https://issues.apache.org/jira/browse/MRESOLVER-301

Author: cstamas

maven-resolver-api/src/main/java/org/eclipse/aether/ConfigurationProperties.java

@@ -60,13 +60,27 @@ public final class ConfigurationProperties {
      */
     public static final String PREFIX_LAYOUT = PREFIX_AETHER + "layout.";
 
+    /**
+     * Prefix for checksum related configurations. <em>For internal use only.</em>
+     *
+     * @since 2.0.0
+     */
+    public static final String PREFIX_CHECKSUMS = PREFIX_AETHER + "checksums.";
+
     /**
      * Prefix for local repository manager related configurations. <em>For internal use only.</em>
      *
      * @since 2.0.0
      */
     public static final String PREFIX_LRM = PREFIX_AETHER + "lrm.";
 
+    /**
+     * Prefix for generator related configurations. <em>For internal use only.</em>
+     *
+     * @since 2.0.0
+     */
+    public static final String PREFIX_GENERATOR = PREFIX_AETHER + "generator.";
+
     /**
      * Prefix for transport related configurations. <em>For internal use only.</em>
      *

maven-resolver-demos/maven-resolver-demo-snippets/pom.xml

@@ -34,8 +34,8 @@
 
   <properties>
     <Automatic-Module-Name>org.apache.maven.resolver.demo.snippets</Automatic-Module-Name>
-    <!-- To make Jetty work -->
-    <javaVersion>11</javaVersion>
+    <!-- Jetty 10.x needs Java 11, generator-signer needs 17: we want both to work -->
+    <javaVersion>17</javaVersion>
   </properties>
 
   <dependencies>
@@ -75,6 +75,10 @@
       <groupId>org.apache.maven.resolver</groupId>
       <artifactId>maven-resolver-transport-jetty</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-generator-gnupg</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.maven.resolver</groupId>
       <artifactId>maven-resolver-supplier</artifactId>

maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/supplier/SupplierRepositorySystemFactory.java

@@ -18,9 +18,13 @@
  */
 package org.apache.maven.resolver.examples.supplier;
 
+import java.util.LinkedHashMap;
 import java.util.Map;
 
 import org.eclipse.aether.RepositorySystem;
+import org.eclipse.aether.generator.gnupg.GnupgSignatureArtifactGeneratorFactory;
+import org.eclipse.aether.generator.gnupg.loaders.*;
+import org.eclipse.aether.spi.artifact.generator.ArtifactGeneratorFactory;
 import org.eclipse.aether.spi.connector.transport.TransporterFactory;
 import org.eclipse.aether.supplier.RepositorySystemSupplier;
 import org.eclipse.aether.transport.jdk.JdkTransporterFactory;
@@ -32,6 +36,26 @@
 public class SupplierRepositorySystemFactory {
     public static RepositorySystem newRepositorySystem() {
         return new RepositorySystemSupplier() {
+            @Override
+            protected Map<String, ArtifactGeneratorFactory> createArtifactGeneratorFactories() {
+                Map<String, ArtifactGeneratorFactory> result = super.createArtifactGeneratorFactories();
+                result.put(
+                        GnupgSignatureArtifactGeneratorFactory.NAME,
+                        new GnupgSignatureArtifactGeneratorFactory(
+                                getArtifactPredicateFactory(), getGnupgSignatureArtifactGeneratorFactoryLoaders()));
+                return result;
+            }
+
+            private Map<String, GnupgSignatureArtifactGeneratorFactory.Loader>
+                    getGnupgSignatureArtifactGeneratorFactoryLoaders() {
+                // order matters
+                LinkedHashMap<String, GnupgSignatureArtifactGeneratorFactory.Loader> loaders = new LinkedHashMap<>();
+                loaders.put(GpgEnvLoader.NAME, new GpgEnvLoader());
+                loaders.put(GpgConfLoader.NAME, new GpgConfLoader());
+                loaders.put(GpgAgentPasswordLoader.NAME, new GpgAgentPasswordLoader());
+                return loaders;
+            }
+
             @Override
             protected Map<String, TransporterFactory> createTransporterFactories() {
                 Map<String, TransporterFactory> result = super.createTransporterFactories();

maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/util/Booter.java

@@ -18,6 +18,7 @@
  */
 package org.apache.maven.resolver.examples.util;
 
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -61,22 +62,29 @@ public static RepositorySystem newRepositorySystem(final String factory) {
     }
 
     public static SessionBuilder newRepositorySystemSession(RepositorySystem system) {
+        Path localRepo = Paths.get("target/local-repo");
         // FileSystem fs = Jimfs.newFileSystem(Configuration.unix());
-        SessionBuilder result = new SessionBuilderSupplier(system)
+        return new SessionBuilderSupplier(system)
                 .get()
                 //        .withLocalRepositoryBaseDirectories(fs.getPath("local-repo"))
-                .withLocalRepositoryBaseDirectories(Paths.get("target/local-repo"))
+                .withLocalRepositoryBaseDirectories(localRepo)
                 .setRepositoryListener(new ConsoleRepositoryListener())
-                .setTransferListener(new ConsoleTransferListener());
-        result.setConfigProperty("aether.syncContext.named.factory", "noop");
+                .setTransferListener(new ConsoleTransferListener())
+                .setConfigProperty("aether.generator.gpg.enabled", Boolean.TRUE.toString())
+                .setConfigProperty(
+                        "aether.generator.gpg.keyFilePath",
+                        Paths.get("src/main/resources/alice.key")
+                                .toAbsolutePath()
+                                .toString())
+                .setConfigProperty("aether.syncContext.named.factory", "noop");
         // result.addOnSessionEndedHandler(() -> {
         //     try {
         //         fs.close();
         //     } catch (IOException e) {
         //         throw new UncheckedIOException(e);
         //     }
         // });
-        return result;
+
         // uncomment to generate dirty trees
         // session.setDependencyGraphTransformer( null );
     }

maven-resolver-demos/maven-resolver-demo-snippets/src/main/resources/alice.key

@@ -0,0 +1,17 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Comment: Alice's OpenPGP Transferable Secret Key
+Comment: https://www.ietf.org/id/draft-bre-openpgp-samples-01.html
+
+lFgEXEcE6RYJKwYBBAHaRw8BAQdArjWwk3FAqyiFbFBKT4TzXcVBqPTB3gmzlC/U
+b7O1u10AAP9XBeW6lzGOLx7zHH9AsUDUTb2pggYGMzd0P3ulJ2AfvQ4RtCZBbGlj
+ZSBMb3ZlbGFjZSA8YWxpY2VAb3BlbnBncC5leGFtcGxlPoiQBBMWCAA4AhsDBQsJ
+CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE64W7X6M6deFelE5j8jFVDE9H444FAl2l
+nzoACgkQ8jFVDE9H447pKwD6A5xwUqIDprBzrHfahrImaYEZzncqb25vkLV2arYf
+a78A/R3AwtLQvjxwLDuzk4dUtUwvUYibL2sAHwj2kGaHnfICnF0EXEcE6RIKKwYB
+BAGXVQEFAQEHQEL/BiGtq0k84Km1wqQw2DIikVYrQrMttN8d7BPfnr4iAwEIBwAA
+/3/xFPG6U17rhTuq+07gmEvaFYKfxRB6sgAYiW6TMTpQEK6IeAQYFggAIBYhBOuF
+u1+jOnXhXpROY/IxVQxPR+OOBQJcRwTpAhsMAAoJEPIxVQxPR+OOWdABAMUdSzpM
+hzGs1O0RkWNQWbUzQ8nUOeD9wNbjE3zR+yfRAQDbYqvtWQKN4AQLTxVJN5X5AWyb
+Pnn+We1aTBhaGa86AQ==
+=n8OM
+-----END PGP PRIVATE KEY BLOCK-----

maven-resolver-generator-gnupg/pom.xml

@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.maven.resolver</groupId>
+    <artifactId>maven-resolver</artifactId>
+    <version>2.0.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>maven-resolver-generator-gnupg</artifactId>
+
+  <name>Maven Artifact Resolver GnuPG Signer Generator</name>
+  <description>A generator implementation for GnuPG signatures.</description>
+
+  <properties>
+    <Automatic-Module-Name>org.apache.maven.resolver.generator.gnupg</Automatic-Module-Name>
+    <Bundle-SymbolicName>${Automatic-Module-Name}</Bundle-SymbolicName>
+
+    <bouncycastleVersion>1.77</bouncycastleVersion>
+
+    <javaVersion>17</javaVersion>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-spi</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-util</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>javax.inject</groupId>
+      <artifactId>javax.inject</artifactId>
+      <scope>provided</scope>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.sisu</groupId>
+      <artifactId>org.eclipse.sisu.inject</artifactId>
+      <scope>provided</scope>
+      <optional>true</optional>
+    </dependency>
+
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpg-jdk18on</artifactId>
+      <version>${bouncycastleVersion}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk18on</artifactId>
+      <version>${bouncycastleVersion}</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter-api</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.maven.resolver</groupId>
+      <artifactId>maven-resolver-test-util</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.rat</groupId>
+        <artifactId>apache-rat-plugin</artifactId>
+        <configuration>
+          <excludes combine.children="append">
+            <exclude>src/test/resources/gpg-signing/**</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.eclipse.sisu</groupId>
+        <artifactId>sisu-maven-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <groupId>biz.aQute.bnd</groupId>
+        <artifactId>bnd-maven-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+          </archive>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+</project>

maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/GnupgConfigurationKeys.java

@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.eclipse.aether.generator.gnupg;
+
+import org.eclipse.aether.ConfigurationProperties;
+import org.eclipse.aether.RepositorySystemSession;
+
+/**
+ * Configuration for GPG Signer.
+ *
+ * @since 2.0.0
+ */
+public final class GnupgConfigurationKeys {
+    private GnupgConfigurationKeys() {}
+
+    static final String NAME = "gpg";
+
+    static final String CONFIG_PROPS_PREFIX = ConfigurationProperties.PREFIX_GENERATOR + NAME + ".";
+
+    /**
+     * Whether GnuPG signer is enabled.
+     *
+     * @configurationSource {@link RepositorySystemSession#getConfigProperties()}
+     * @configurationType {@link Boolean}
+     * @configurationDefaultValue {@link #DEFAULT_ENABLED}
+     */
+    public static final String CONFIG_PROP_ENABLED = CONFIG_PROPS_PREFIX + "enabled";
+
+    public static final boolean DEFAULT_ENABLED = false;
+
+    /**
+     * The PGP KeyID, optional. If not set, first secret key found will be used.
+     *
+     * @configurationSource {@link RepositorySystemSession#getConfigProperties()}
+     * @configurationType {@link Long}
+     */
+    public static final String CONFIG_PROP_KEY_ID = CONFIG_PROPS_PREFIX + "keyId";
+
+    /**
+     * The path to the OpenPGP transferable secret key file. If relative, is resolved from local repository root.
+     *
+     * @configurationSource {@link RepositorySystemSession#getConfigProperties()}
+     * @configurationType {@link String}
+     * @configurationDefaultValue {@link #DEFAULT_KEY_FILE_PATH}
+     */
+    public static final String CONFIG_PROP_KEY_FILE_PATH = CONFIG_PROPS_PREFIX + "keyFilePath";
+
+    public static final String DEFAULT_KEY_FILE_PATH = "maven-signing-key.key";
+
+    /**
+     * The GnuPG agent socket(s) to try. Comma separated list of socket paths. If relative, will be resolved from
+     * user home directory.
+     *
+     * @configurationSource {@link RepositorySystemSession#getConfigProperties()}
+     * @configurationType {@link String}
+     * @configurationDefaultValue {@link #DEFAULT_AGENT_SOCKET_LOCATIONS}
+     */
+    public static final String CONFIG_PROP_AGENT_SOCKET_LOCATIONS = CONFIG_PROPS_PREFIX + "agentSocketLocations";
+
+    public static final String DEFAULT_AGENT_SOCKET_LOCATIONS = ".gnupg/S.gpg-agent";
+
+    /**
+     * Env variable name to pass in key pass.
+     */
+    public static final String RESOLVER_GPG_KEY_PASS = "RESOLVER_GPG_KEY_PASS";
+
+    /**
+     * Env variable name to pass in key material.
+     */
+    public static final String RESOLVER_GPG_KEY = "RESOLVER_GPG_KEY";
+
+    /**
+     * Env variable name to pass in key ID.
+     */
+    public static final String RESOLVER_GPG_KEY_ID = "RESOLVER_GPG_KEY_ID";
+}