s4u · slawekjaranowski · May 17, 2021 · May 17, 2021
diff --git a/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java b/src/main/java/org/simplify4u/plugins/AbstractPGPMojo.java
@@ -32,7 +32,7 @@
 import org.apache.maven.plugins.annotations.Parameter;
 import org.simplify4u.plugins.keyserver.KeyServerClientSettings;
 import org.simplify4u.plugins.keyserver.PGPKeysCache;
-import org.simplify4u.plugins.utils.PGPSignatureUtils;
+import org.simplify4u.plugins.pgp.SignatureUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -50,7 +50,7 @@ public abstract class AbstractPGPMojo extends AbstractMojo {
     protected PGPKeysCache pgpKeysCache;
 
     @Inject
-    protected PGPSignatureUtils pgpSignatureUtils;
+    protected SignatureUtils signatureUtils;
 
     @Inject
     protected MavenSession session;

diff --git a/src/main/java/org/simplify4u/plugins/PGPShowMojo.java b/src/main/java/org/simplify4u/plugins/PGPShowMojo.java
@@ -105,13 +105,13 @@ private boolean processArtifact(Map.Entry<Artifact,Artifact> artifactEntry) {
         Artifact artifactToCheck = artifactEntry.getKey();
         Artifact sig = artifactEntry.getValue();
 
-        SignatureCheckResult signatureInfo = pgpSignatureUtils.checkSignature(artifactToCheck, sig, pgpKeysCache);
+        SignatureCheckResult signatureCheckResult = signatureUtils.checkSignature(artifactToCheck, sig, pgpKeysCache);
 
         MessageBuilder messageBuilder = MessageUtils.buffer();
         messageBuilder.newline();
         messageBuilder.newline();
 
-        ArtifactInfo artifactInfo = signatureInfo.getArtifact();
+        ArtifactInfo artifactInfo = signatureCheckResult.getArtifact();
 
         messageBuilder.a("Artifact:").newline();
         messageBuilder.a("\tgroupId:     ").strong(artifactInfo.getGroupId()).newline();
@@ -120,13 +120,13 @@ private boolean processArtifact(Map.Entry<Artifact,Artifact> artifactEntry) {
         Optional.ofNullable(artifactInfo.getClassifier()).ifPresent(
                 classifier -> messageBuilder.a("\tclassifier:  ").strong(classifier).newline());
         messageBuilder.a("\tversion:     ").strong(artifactInfo.getVersion()).newline();
-        if (signatureInfo.getStatus() == SignatureStatus.ARTIFACT_NOT_RESOLVED) {
+        if (signatureCheckResult.getStatus() == SignatureStatus.ARTIFACT_NOT_RESOLVED) {
             messageBuilder.a("\t").failure("artifact was not resolved  - try mvn -U ...").newline();
         }
 
         messageBuilder.newline();
 
-        SignatureInfo signature = signatureInfo.getSignature();
+        SignatureInfo signature = signatureCheckResult.getSignature();
         if (signature != null) {
             messageBuilder.a("PGP signature:").newline();
             messageBuilder.a("\tversion:     ").strong(signature.getVersion()).newline();
@@ -137,25 +137,25 @@ private boolean processArtifact(Map.Entry<Artifact,Artifact> artifactEntry) {
             messageBuilder.a("\tkeyId:       ").strong(signature.getKeyId()).newline();
             messageBuilder.a("\tcreate date: ").strong(signature.getDate()).newline();
             messageBuilder.a("\tstatus:      ");
-            if (signatureInfo.getStatus() == SignatureStatus.SIGNATURE_VALID) {
+            if (signatureCheckResult.getStatus() == SignatureStatus.SIGNATURE_VALID) {
                 messageBuilder.success("valid");
             } else {
                 messageBuilder.failure("invalid");
             }
             messageBuilder.newline();
-        } else if (signatureInfo.getStatus() == SignatureStatus.SIGNATURE_NOT_RESOLVED) {
+        } else if (signatureCheckResult.getStatus() == SignatureStatus.SIGNATURE_NOT_RESOLVED) {
             messageBuilder.a("\t")
                     .failure("PGP signature was not resolved - try mvn -U ...").newline();
         }
 
         messageBuilder.newline();
 
-        KeyInfo key = signatureInfo.getKey();
+        KeyInfo key = signatureCheckResult.getKey();
         if (key != null) {
             messageBuilder.a("PGP key:").newline();
             messageBuilder.a("\tversion:     ").strong(key.getVersion()).newline();
             messageBuilder.a("\talgorithm:   ")
-                    .strong(pgpSignatureUtils.keyAlgorithmName(key.getAlgorithm())).newline();
+                    .strong(signatureUtils.keyAlgorithmName(key.getAlgorithm())).newline();
             messageBuilder.a("\tbits:        ").strong(key.getBits()).newline();
             messageBuilder.a("\tfingerprint: ").strong(key.getFingerprint()).newline();
             Optional.ofNullable(key.getMaster()).ifPresent(masterKey ->
@@ -167,12 +167,12 @@ private boolean processArtifact(Map.Entry<Artifact,Artifact> artifactEntry) {
 
         messageBuilder.newline();
 
-        Optional.ofNullable(signatureInfo.getErrorMessage()).ifPresent(errorMessage ->
+        Optional.ofNullable(signatureCheckResult.getErrorMessage()).ifPresent(errorMessage ->
                 messageBuilder.failure(errorMessage).newline());
 
         LOGGER.info(messageBuilder.toString());
 
-        return signatureInfo.getStatus() == SignatureStatus.SIGNATURE_VALID;
+        return signatureCheckResult.getStatus() == SignatureStatus.SIGNATURE_VALID;
     }
 
     private Artifact prepareArtifactToCheck() {

diff --git a/src/main/java/org/simplify4u/plugins/PGPVerifyMojo.java b/src/main/java/org/simplify4u/plugins/PGPVerifyMojo.java
@@ -47,16 +47,16 @@
 import org.simplify4u.plugins.keyserver.PGPKeyNotFound;
 import org.simplify4u.plugins.keysmap.KeysMap;
 import org.simplify4u.plugins.keysmap.KeysMapLocationConfig;
+import org.simplify4u.plugins.pgp.KeyId;
+import org.simplify4u.plugins.pgp.PublicKeyUtils;
+import org.simplify4u.plugins.pgp.SignatureException;
 import org.simplify4u.plugins.skipfilters.CompositeSkipper;
 import org.simplify4u.plugins.skipfilters.ProvidedDependencySkipper;
 import org.simplify4u.plugins.skipfilters.ReactorDependencySkipper;
 import org.simplify4u.plugins.skipfilters.ScopeSkipper;
 import org.simplify4u.plugins.skipfilters.SkipFilter;
 import org.simplify4u.plugins.skipfilters.SnapshotDependencySkipper;
 import org.simplify4u.plugins.skipfilters.SystemDependencySkipper;
-import org.simplify4u.plugins.utils.PGPKeyId;
-import org.simplify4u.plugins.utils.PGPSignatureException;
-import org.simplify4u.plugins.utils.PublicKeyUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -389,15 +389,15 @@ private boolean verifyPGPSignature(Artifact artifact, Artifact ascArtifact) thro
         LOGGER.debug("Artifact file: {}", artifactFile);
         LOGGER.debug("Artifact sign: {}", signatureFile);
 
-        PGPKeyId sigKeyID = null;
+        KeyId sigKeyID = null;
         try {
             final PGPSignature pgpSignature;
             try (FileInputStream input = new FileInputStream(signatureFile)) {
-                pgpSignature = pgpSignatureUtils.loadSignature(input);
+                pgpSignature = signatureUtils.loadSignature(input);
             }
 
             verifyWeakSignature(pgpSignature);
-            sigKeyID = pgpSignatureUtils.retrieveKeyId(pgpSignature);
+            sigKeyID = signatureUtils.retrieveKeyId(pgpSignature);
 
             PGPPublicKeyRing publicKeyRing = pgpKeysCache.getKeyRing(sigKeyID);
             PGPPublicKey publicKey = sigKeyID.getKeyFromRing(publicKeyRing);
@@ -412,7 +412,7 @@ private boolean verifyPGPSignature(Artifact artifact, Artifact ascArtifact) thro
             }
 
             pgpSignature.init(new BcPGPContentVerifierBuilderProvider(), publicKey);
-            pgpSignatureUtils.readFileContentInto(pgpSignature, artifactFile);
+            signatureUtils.readFileContentInto(pgpSignature, artifactFile);
 
             LOGGER.debug("signature.KeyAlgorithm: {} signature.hashAlgorithm: {}",
                     pgpSignature.getKeyAlgorithm(), pgpSignature.getHashAlgorithm());
@@ -428,7 +428,7 @@ private boolean verifyPGPSignature(Artifact artifact, Artifact ascArtifact) thro
             LOGGER.error("PGP key {} not found on keyserver for artifact {}",
                     pgpKeysCache.getUrlForShowKey(sigKeyID), artifact.getId());
             return false;
-        } catch (PGPSignatureException e) {
+        } catch (SignatureException e) {
             if (keysMap.isBrokenSignature(artifact)) {
                 logWithQuiet("{} PGP Signature is broken, consistent with keys map.", artifact::getId);
                 return true;
@@ -445,7 +445,7 @@ private boolean verifyPGPSignature(Artifact artifact, Artifact ascArtifact) thro
     }
 
     private void verifyWeakSignature(PGPSignature pgpSignature) throws MojoFailureException {
-        final String weakHashAlgorithm = pgpSignatureUtils.checkWeakHashAlgorithm(pgpSignature);
+        final String weakHashAlgorithm = signatureUtils.checkWeakHashAlgorithm(pgpSignature);
         if (weakHashAlgorithm == null) {
             return;
         }

diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysCache.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysCache.java
@@ -44,8 +44,8 @@
 import io.vavr.control.Try;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.simplify4u.plugins.utils.PGPKeyId;
-import org.simplify4u.plugins.utils.PublicKeyUtils;
+import org.simplify4u.plugins.pgp.KeyId;
+import org.simplify4u.plugins.pgp.PublicKeyUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -145,7 +145,7 @@ static KeyServerList createKeyServerList(List<PGPKeysServerClient> pgpKeysServer
      *
      * @return url from current key server
      */
-    public String getUrlForShowKey(PGPKeyId keyID) {
+    public String getUrlForShowKey(KeyId keyID) {
         return keyServerList.getUriForShowKey(keyID).toString();
     }
 
@@ -156,7 +156,7 @@ public String getUrlForShowKey(PGPKeyId keyID) {
      * @return Public Key Ring for given key
      * @throws IOException in case of problems
      */
-    public PGPPublicKeyRing getKeyRing(PGPKeyId keyID) throws IOException {
+    public PGPPublicKeyRing getKeyRing(KeyId keyID) throws IOException {
 
         String path = keyID.getHashPath();
         File keyFile = new File(cachePath, path);
@@ -176,7 +176,7 @@ public PGPPublicKeyRing getKeyRing(PGPKeyId keyID) throws IOException {
         }
     }
 
-    private static Optional<PGPPublicKeyRing> loadKeyFromFile(File keyFile, PGPKeyId keyID)
+    private static Optional<PGPPublicKeyRing> loadKeyFromFile(File keyFile, KeyId keyID)
             throws IOException {
         Optional<PGPPublicKeyRing> keyRing = Optional.empty();
         try (InputStream keyFileStream = new FileInputStream(keyFile)) {
@@ -191,7 +191,7 @@ private static Optional<PGPPublicKeyRing> loadKeyFromFile(File keyFile, PGPKeyId
         return keyRing;
     }
 
-    private static PGPPublicKeyRing receiveKey(File keyFile, PGPKeyId keyId, PGPKeysServerClient keysServerClient)
+    private static PGPPublicKeyRing receiveKey(File keyFile, KeyId keyId, PGPKeysServerClient keysServerClient)
             throws IOException {
         File dir = keyFile.getParentFile();
 
@@ -281,7 +281,7 @@ KeyServerList withClients(List<PGPKeysServerClient> keysServerClients) {
             return this;
         }
 
-        URI getUriForShowKey(PGPKeyId keyID) {
+        URI getUriForShowKey(KeyId keyID) {
             return lastClient.getUriForShowKey(keyID);
         }
 

diff --git a/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java b/src/main/java/org/simplify4u/plugins/keyserver/PGPKeysServerClient.java
@@ -53,8 +53,8 @@
 import org.apache.http.impl.client.ProxyAuthenticationStrategy;
 import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
 import org.apache.maven.settings.Proxy;
+import org.simplify4u.plugins.pgp.KeyId;
 import org.simplify4u.plugins.utils.ExceptionUtils;
-import org.simplify4u.plugins.utils.PGPKeyId;
 
 /**
  * Abstract base client for requesting keys from PGP key servers over HKP/HTTP and HKPS/HTTPS.
@@ -66,8 +66,19 @@ abstract class PGPKeysServerClient {
 
     private final KeyServerClientSettings keyServerClientSettings;
 
+    /**
+     * OnRetry hook interface.
+     */
     @FunctionalInterface
     public interface OnRetryConsumer {
+        /**
+         * Call when retry operation occurs on a key server client.
+         *
+         * @param address               address used to retrieve key
+         * @param numberOfRetryAttempts a number of try
+         * @param waitInterval          wait time
+         * @param lastThrowable         problem that cause to retry
+         */
         void onRetry(InetAddress address, int numberOfRetryAttempts, Duration waitInterval, Throwable lastThrowable);
 
     }
@@ -117,7 +128,7 @@ static PGPKeysServerClient getClient(String keyServer, KeyServerClientSettings k
         }
     }
 
-    private static String getQueryStringForGetKey(PGPKeyId keyID) {
+    private static String getQueryStringForGetKey(KeyId keyID) {
         return String.format("op=get&options=mr&search=%s", keyID);
     }
 
@@ -128,13 +139,13 @@ private static String getQueryStringForGetKey(PGPKeyId keyID) {
      *
      * @return URI with given key
      */
-    URI getUriForGetKey(PGPKeyId keyID) {
+    URI getUriForGetKey(KeyId keyID) {
         return Try.of(() -> new URI(keyserver.getScheme(), keyserver.getUserInfo(),
                 keyserver.getHost(), keyserver.getPort(),
                 "/pks/lookup", getQueryStringForGetKey(keyID), null)).get();
     }
 
-    private static String getQueryStringForShowKey(PGPKeyId keyID) {
+    private static String getQueryStringForShowKey(KeyId keyID) {
         return String.format("op=vindex&fingerprint=on&search=%s", keyID);
     }
 
@@ -145,7 +156,7 @@ private static String getQueryStringForShowKey(PGPKeyId keyID) {
      *
      * @return URI with given key
      */
-    URI getUriForShowKey(PGPKeyId keyID) {
+    URI getUriForShowKey(KeyId keyID) {
         return Try.of(() -> new URI(keyserver.getScheme(), keyserver.getUserInfo(),
                 keyserver.getHost(), keyserver.getPort(),
                 "/pks/lookup", getQueryStringForShowKey(keyID), null)).get();
@@ -164,7 +175,7 @@ URI getUriForShowKey(PGPKeyId keyID) {
      *
      * @throws IOException If the request fails, or the key cannot be written to the output stream.
      */
-    void copyKeyToOutputStream(PGPKeyId keyId, OutputStream outputStream, OnRetryConsumer onRetryConsumer)
+    void copyKeyToOutputStream(KeyId keyId, OutputStream outputStream, OnRetryConsumer onRetryConsumer)
             throws IOException {
 
         final URI keyUri = getUriForGetKey(keyId);

diff --git a/src/main/java/org/simplify4u/plugins/keysmap/KeyItemFingerprint.java b/src/main/java/org/simplify4u/plugins/keysmap/KeyItemFingerprint.java
@@ -22,8 +22,8 @@
 import lombok.EqualsAndHashCode;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.simplify4u.plugins.pgp.PublicKeyUtils;
 import org.simplify4u.plugins.utils.HexUtils;
-import org.simplify4u.plugins.utils.PublicKeyUtils;
 
 /**
  * Represent key as fingerprint for given artifact pattern.

diff --git a/src/main/java/org/simplify4u/plugins/pgp/KeyFingerprint.java b/src/main/java/org/simplify4u/plugins/pgp/KeyFingerprint.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021 Slawomir Jaranowski
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.simplify4u.plugins.pgp;
+
+import lombok.RequiredArgsConstructor;
+import lombok.Value;
+import org.simplify4u.plugins.utils.HexUtils;
+
+/**
+ * Represent a key fingerprint.
+ */
+@Value
+@RequiredArgsConstructor
+public class KeyFingerprint {
+
+    byte[] fingerprint;
+
+    /**
+     * Costruct a key fingerprint from string representation.
+     * @param strFingerprint a key fingerprint as string
+     */
+    public KeyFingerprint(String strFingerprint) {
+        fingerprint = HexUtils.stringToFingerprint(strFingerprint);
+    }
+
+    public String toString() {
+        return HexUtils.fingerprintToString(fingerprint);
+    }
+}