Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Trusted GPG-key should only accept 160-bit fingerprints
- Loading branch information
1 parent
d23393b
commit ff1d3bb
Showing
14 changed files
with
408 additions
and
129 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
72 changes: 72 additions & 0 deletions
72
...gradle/api/internal/artifacts/verification/exceptions/ComponentVerificationException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
/* | ||
* Copyright 2023 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.gradle.api.internal.artifacts.verification.exceptions; | ||
|
||
import org.gradle.api.GradleException; | ||
import org.gradle.api.artifacts.component.ModuleComponentIdentifier; | ||
import org.gradle.internal.logging.text.TreeFormatter; | ||
|
||
import java.util.function.Consumer; | ||
|
||
public class ComponentVerificationException extends GradleException { | ||
|
||
private final ModuleComponentIdentifier component; | ||
private final Consumer<TreeFormatter> causeErrorFormatter; | ||
|
||
/** | ||
* Creates a new exception when a component cannot be verified - because of some reason. | ||
* | ||
* @param component the component which failed the verification | ||
*/ | ||
public ComponentVerificationException(String message, ModuleComponentIdentifier component) { | ||
super(message); | ||
this.component = component; | ||
this.causeErrorFormatter = null; | ||
} | ||
|
||
/** | ||
* Creates a new exception when a component cannot be verified - because of some reason. | ||
* | ||
* @param component the component which failed the verification | ||
* @param causeErrorFormatter a consumer, which will be called with a {@link TreeFormatter}, and can put extra details what happened | ||
*/ | ||
public ComponentVerificationException(ModuleComponentIdentifier component, Consumer<TreeFormatter> causeErrorFormatter) { | ||
this.component = component; | ||
this.causeErrorFormatter = causeErrorFormatter; | ||
} | ||
|
||
@Override | ||
public String getMessage() { | ||
final TreeFormatter treeFormatter = new TreeFormatter(); | ||
// Add our header first | ||
treeFormatter.node( | ||
String.format( | ||
"An error happened meanwhile verifying '%s:%s:%s':", | ||
component.getGroup(), component.getModule(), component.getVersion() | ||
) | ||
); | ||
|
||
if (this.causeErrorFormatter != null) { | ||
treeFormatter.startChildren(); | ||
// Let the underlying exception explain the situation | ||
causeErrorFormatter.accept(treeFormatter); | ||
treeFormatter.endChildren(); | ||
|
||
} | ||
return treeFormatter.toString(); | ||
} | ||
} |
32 changes: 32 additions & 0 deletions
32
...radle/api/internal/artifacts/verification/exceptions/DependencyVerificationException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright 2023 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.gradle.api.internal.artifacts.verification.exceptions; | ||
|
||
import org.gradle.api.GradleException; | ||
import org.gradle.internal.exceptions.Contextual; | ||
|
||
@Contextual | ||
public class DependencyVerificationException extends GradleException { | ||
|
||
public DependencyVerificationException(String message) { | ||
super(message); | ||
} | ||
|
||
public DependencyVerificationException(String message, Throwable cause) { | ||
super(message, cause); | ||
} | ||
} |
70 changes: 70 additions & 0 deletions
70
.../org/gradle/api/internal/artifacts/verification/exceptions/InvalidGpgKeyIdsException.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
/* | ||
* Copyright 2023 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.gradle.api.internal.artifacts.verification.exceptions; | ||
|
||
import org.gradle.api.GradleException; | ||
import org.gradle.api.internal.DocumentationRegistry; | ||
import org.gradle.internal.logging.text.TreeFormatter; | ||
|
||
import java.util.List; | ||
|
||
/** | ||
* Exception class used when a GPG IDs were not correct. | ||
* | ||
* <p> | ||
* An example is using short/long IDs instead of fingerprints when trusting keys | ||
*/ | ||
public class InvalidGpgKeyIdsException extends GradleException { | ||
private final List<String> wrongKeys; | ||
|
||
/** | ||
* Creates a new exception with a list of incorrect keys. | ||
* | ||
* @param wrongKeys the list of incorrect IDs, which will be nicely formatted as part of the exception messages so the user can find them | ||
*/ | ||
public InvalidGpgKeyIdsException(List<String> wrongKeys) { | ||
this.wrongKeys = wrongKeys; | ||
} | ||
|
||
/** | ||
* Formats a nice error message by using a {@link TreeFormatter}. | ||
* | ||
* <p> | ||
* Idea for this method is that you can pass a higher-level {@link TreeFormatter} into here, and get a coherent, nice error message printed out - so the user will see a nice chain of causes. | ||
*/ | ||
public void formatMessage(TreeFormatter formatter) { | ||
final DocumentationRegistry documentationRegistry = new DocumentationRegistry(); | ||
final String documentLink = documentationRegistry.getDocumentationFor("dependency_verification", "sec:understanding-signature-verification"); | ||
|
||
formatter.node( | ||
String.format("The following trusted GPG IDs are not in a minimum 160-bit fingerprint format (see: %s):", documentLink) | ||
); | ||
formatter.startChildren(); | ||
wrongKeys | ||
.stream() | ||
.map(key -> String.format("'%s'", key)) | ||
.forEach(formatter::node); | ||
formatter.endChildren(); | ||
} | ||
|
||
@Override | ||
public String getMessage() { | ||
final TreeFormatter treeFormatter = new TreeFormatter(); | ||
formatMessage(treeFormatter); | ||
return treeFormatter.toString(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.