in maven-resolver-generator-gnupg/src/main/java/org/eclipse/aether/generator/gnupg/GnupgSignatureArtifactGeneratorFactory.java [123:211]
private GnupgSignatureArtifactGenerator doCreateArtifactGenerator(
RepositorySystemSession session, Collection<Artifact> artifacts, Predicate<Artifact> artifactPredicate)
throws IOException {
byte[] keyRingMaterial = null;
for (Loader loader : loaders.values()) {
keyRingMaterial = loader.loadKeyRingMaterial(session);
if (keyRingMaterial != null) {
break;
}
}
if (keyRingMaterial == null) {
throw new IllegalArgumentException("Key ring material not found");
}
byte[] fingerprint = null;
for (Loader loader : loaders.values()) {
fingerprint = loader.loadKeyFingerprint(session);
if (fingerprint != null) {
break;
}
}
try {
PGPSecretKeyRingCollection pgpSecretKeyRingCollection = new PGPSecretKeyRingCollection(
PGPUtil.getDecoderStream(new ByteArrayInputStream(keyRingMaterial)),
new BcKeyFingerprintCalculator());
PGPSecretKey secretKey = null;
for (PGPSecretKeyRing ring : pgpSecretKeyRingCollection) {
for (PGPSecretKey key : ring) {
if (!key.isPrivateKeyEmpty()) {
if (fingerprint == null || Arrays.equals(fingerprint, key.getFingerprint())) {
secretKey = key;
break;
}
}
}
}
if (secretKey == null) {
throw new IllegalArgumentException("Secret key not found");
}
if (secretKey.isPrivateKeyEmpty()) {
throw new IllegalArgumentException("Private key not found in Secret key");
}
long validSeconds = secretKey.getPublicKey().getValidSeconds();
if (validSeconds > 0) {
LocalDateTime expireDateTime = secretKey
.getPublicKey()
.getCreationTime()
.toInstant()
.atZone(ZoneId.systemDefault())
.toLocalDateTime()
.plusSeconds(validSeconds);
if (LocalDateTime.now().isAfter(expireDateTime)) {
throw new IllegalArgumentException("Secret key expired at: " + expireDateTime);
}
}
char[] keyPassword = null;
final boolean keyPassNeeded = secretKey.getKeyEncryptionAlgorithm() != SymmetricKeyAlgorithmTags.NULL;
if (keyPassNeeded) {
for (Loader loader : loaders.values()) {
keyPassword = loader.loadPassword(session, secretKey.getFingerprint());
if (keyPassword != null) {
break;
}
}
if (keyPassword == null) {
throw new IllegalArgumentException("Secret key is encrypted but no key password provided");
}
}
PGPPrivateKey privateKey = secretKey.extractPrivateKey(
new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(keyPassword));
if (keyPassword != null) {
Arrays.fill(keyPassword, ' ');
}
PGPSignatureSubpacketGenerator subPacketGenerator = new PGPSignatureSubpacketGenerator();
subPacketGenerator.setIssuerFingerprint(false, secretKey);
PGPSignatureSubpacketVector hashSubPackets = subPacketGenerator.generate();
return new GnupgSignatureArtifactGenerator(
artifacts, artifactPredicate, secretKey, privateKey, hashSubPackets, getKeyInfo(secretKey));
} catch (PGPException | IOException e) {
throw new IllegalStateException(e);
}
}