public Collection generate()

in maven-resolver-generator-sigstore/src/main/java/org/eclipse/aether/generator/sigstore/SigstoreSignatureArtifactGenerator.java [68:139]


    public Collection<? extends Artifact> generate(Collection<? extends Artifact> generatedArtifacts) {
        try {
            artifacts.addAll(generatedArtifacts);

            // back out if Sigstore signatures found among artifacts
            if (artifacts.stream().anyMatch(a -> a.getExtension().endsWith(ARTIFACT_EXTENSION))) {
                logger.debug("Sigstore signatures are present among artifacts, bailing out");
                return Collections.emptyList();
            }

            // sign relevant artifacts
            ArrayList<Artifact> result = new ArrayList<>();
            ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(KeylessSigner.class.getClassLoader());
            try (KeylessSigner signer = publicStaging
                    ? KeylessSigner.builder().sigstoreStagingDefaults().build()
                    : KeylessSigner.builder().sigstorePublicDefaults().build()) {
                for (Artifact artifact : artifacts) {
                    if (signableArtifactPredicate.test(artifact)) {
                        Path fileToSign = artifact.getPath();
                        Path signatureTempFile = Files.createTempFile("signer-sigstore", "tmp");
                        signatureTempFiles.add(signatureTempFile);

                        logger.debug("Signing " + artifact);
                        long start = System.currentTimeMillis();
                        Bundle bundle = signer.signFile(fileToSign);

                        X509Certificate cert = (X509Certificate)
                                bundle.getCertPath().getCertificates().get(0);
                        long durationMinutes = Certificates.validity(cert, ChronoUnit.MINUTES);

                        logger.debug("  Fulcio certificate (valid for "
                                + durationMinutes
                                + " m) obtained for "
                                + cert.getSubjectAlternativeNames()
                                        .iterator()
                                        .next()
                                        .get(1)
                                + " (by "
                                + FulcioOidHelper.getIssuerV2(cert)
                                + " IdP)");

                        FileUtils.writeFile(signatureTempFile, p -> Files.writeString(p, bundle.toJson()));

                        long duration = System.currentTimeMillis() - start;
                        logger.debug("  > Rekor entry "
                                + bundle.getEntries().get(0).getLogIndex()
                                + " obtained in "
                                + duration
                                + " ms, saved to "
                                + signatureTempFile);

                        result.add(new SubArtifact(
                                artifact,
                                artifact.getClassifier(),
                                artifact.getExtension() + ARTIFACT_EXTENSION,
                                signatureTempFile.toFile()));
                    }
                }
            } finally {
                Thread.currentThread().setContextClassLoader(originalClassLoader);
            }
            logger.info("Signed {} artifacts with Sigstore", result.size());
            return result;
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Preparation problem", e);
        } catch (KeylessSignerException e) {
            throw new IllegalStateException("Processing problem", e);
        } catch (IOException e) {
            throw new UncheckedIOException("IO problem", e);
        }
    }