Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2020/05/19 15:37:17 UTC

[GitHub] [maven] spyhunter99 opened a new pull request #345: MNG-5583 new feature PKI authentication to nexus repositories

spyhunter99 opened a new pull request #345:
URL: https://github.com/apache/maven/pull/345


   Note: this requires the additional commits in maven-resolver and maven-wagon.
   https://github.com/apache/maven-resolver/pull/51
   https://github.com/apache/maven-wagon/pull/67
   
   
   Following this checklist to help us incorporate your 
   contribution quickly and easily:
   
    - [X] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/MNG) filed 
          for the change (usually before you start working on it).  Trivial changes like typos do not 
          require a JIRA issue.  Your pull request should address just this issue, without 
          pulling in other changes.
    - [X] Each commit in the pull request should have a meaningful subject line and body.
    - [X] Format the pull request title like `[MNG-XXX] - Fixes bug in ApproximateQuantiles`,
          where you replace `MNG-XXX` with the appropriate JIRA issue. Best practice
          is to use the JIRA issue title in the pull request title and in the first line of the 
          commit message.
    - [X] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [X] Run `mvn clean verify` to make sure basic checks pass. A more thorough check will 
          be performed on your pull request automatically.
    - [ ] You have run the [Core IT][core-its] successfully.
   
   If your pull request is about ~20 lines of code you don't need to sign an
   [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf) if you are unsure
   please ask on the developers list.
   
   To make clear that you license your contribution under 
   the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   you have to acknowledge this by using the following check-box.
   
    - [X] I hereby declare this contribution to be licenced under the [Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)
   
    - [ ] In any other case, please file an [Apache Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   [core-its]: https://maven.apache.org/core-its/core-it-suite/
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [maven] mthmulders commented on a change in pull request #345: MNG-5583 new feature PKI authentication to nexus repositories

Posted by GitBox <gi...@apache.org>.
mthmulders commented on a change in pull request #345:
URL: https://github.com/apache/maven/pull/345#discussion_r427750837



##########
File path: maven-artifact/src/main/java/org/apache/maven/artifact/repository/Authentication.java
##########
@@ -125,5 +126,301 @@ public void setPrivateKey( final String privateKey )
     {
         this.privateKey = privateKey;
     }
+    
+    
+     /**
+     *

Review comment:
       Could you remove the superfluous `*` lines?

##########
File path: maven-artifact/src/main/java/org/apache/maven/artifact/repository/Authentication.java
##########
@@ -21,6 +21,7 @@
 
 /**
  * Authentication
+ * <br>May 2020, MNG-5583 per endpoint PKI authentication

Review comment:
       This comment can be moved to release notes or a changelog, it doesn't have to be part of the Javadoc.

##########
File path: maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java
##########
@@ -197,6 +197,15 @@ else if ( request.isUpdateSnapshots() )
         for ( Server server : decrypted.getServers() )
         {
             AuthenticationBuilder authBuilder = new AuthenticationBuilder();
+            //MNG-5583 per endpoint PKI authentication
+            authBuilder.addString( "getKeyAlias", server.getKeyAlias() );

Review comment:
       Can't you re-use the constants you declared in one of the earlier pull requests here?

##########
File path: maven-settings/src/main/mdo/settings.mdo
##########
@@ -580,6 +580,92 @@
             ]]>
           </description>
         </field>
+         
+        
+         <field>
+          <name>trustStore</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The path to the trust store. If not defined, the JRE's cacert store is used.
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStorePassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The password to the trust store. 
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStoreType</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The type of trust store, default is JKS
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyStore</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The path to the keystore used for authentication purposes, or null
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        
+        <field>
+          <name>keyStorePassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            Keystore password, can be null
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyAlias</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            Keystore if the key store has multiple key pairs, this can be used to explicitly

Review comment:
       Could you remove the first word? I think it's superfluous.

##########
File path: maven-compat/src/main/java/org/apache/maven/artifact/manager/DefaultWagonManager.java
##########
@@ -93,7 +92,16 @@ public AuthenticationInfo getAuthenticationInfo( String id )
                             authInfo.setUserName( server.getUsername() );
                             authInfo.setPassword( server.getPassword() );
                             authInfo.setPrivateKey( server.getPrivateKey() );
+                            //MNG-5583 per endpoint PKI authentication

Review comment:
       This line is not needed here, we could put it in the release notes or changelog.

##########
File path: maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java
##########
@@ -602,6 +601,17 @@ private Authentication getAuthentication( RepositorySystemSession session, Artif
                                             authCtx.get( AuthenticationContext.PASSWORD ) );
                     result.setPrivateKey( authCtx.get( AuthenticationContext.PRIVATE_KEY_PATH ) );
                     result.setPassphrase( authCtx.get( AuthenticationContext.PRIVATE_KEY_PASSPHRASE ) );
+                    //MNG-5583 per endpoint PKI authentication
+                    result.setKeyAlias( authCtx.get( "getKeyAlias" ) );
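Review bot: the literal "getKeyAlias" in `authCtx.get( "getKeyAlias" )` has to match, character for character, the key given to `authBuilder.addString( "getKeyAlias", server.getKeyAlias() )` in DefaultRepositorySystemSessionFactory, and nothing in either hunk ties the two together. If one side is renamed, the lookup here no longer finds the alias, and the keyAlias documentation in this patch says a null alias means the certificate is selected automatically, so a mismatch would change which client certificate is presented instead of failing. The two context lines above read `AuthenticationContext.PRIVATE_KEY_PATH` and `AuthenticationContext.PRIVATE_KEY_PASSPHRASE`; a shared constant for the alias key would follow that pattern, ideally with a property-style name rather than one that reads like an accessor.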

Review comment:
       Can't you re-use the constants you declared in one of the earlier pull requests here?

##########
File path: maven-core/src/main/java/org/apache/maven/internal/aether/DefaultRepositorySystemSessionFactory.java
##########
@@ -197,6 +197,15 @@ else if ( request.isUpdateSnapshots() )
         for ( Server server : decrypted.getServers() )
         {
             AuthenticationBuilder authBuilder = new AuthenticationBuilder();
+            //MNG-5583 per endpoint PKI authentication

Review comment:
       This line is not needed here, we could put it in the release notes or changelog.

##########
File path: maven-compat/src/main/java/org/apache/maven/repository/legacy/LegacyRepositorySystem.java
##########
@@ -602,6 +601,17 @@ private Authentication getAuthentication( RepositorySystemSession session, Artif
                                             authCtx.get( AuthenticationContext.PASSWORD ) );
                     result.setPrivateKey( authCtx.get( AuthenticationContext.PRIVATE_KEY_PATH ) );
                     result.setPassphrase( authCtx.get( AuthenticationContext.PRIVATE_KEY_PASSPHRASE ) );
+                    //MNG-5583 per endpoint PKI authentication

Review comment:
       This line is not needed here, we could put it in the release notes or changelog.







[GitHub] [maven] kwin commented on a change in pull request #345: MNG-5583 new feature PKI authentication to nexus repositories

Posted by GitBox <gi...@apache.org>.
kwin commented on a change in pull request #345:
URL: https://github.com/apache/maven/pull/345#discussion_r445169403



##########
File path: maven-artifact/src/main/java/org/apache/maven/artifact/repository/Authentication.java
##########
@@ -125,5 +126,301 @@ public void setPrivateKey( final String privateKey )
     {
         this.privateKey = privateKey;
     }
+    
+    
+     /**
+     *
+     *
+     * The path to the trust store. If not defined, the JRE's cacert store is
+     * used.
+     *
+     *
+     */
+    private String trustStore;
+
+    /**
+     *
+     *
+     * The password to the trust store.
+     *
+     *
+     */
+    private String trustStorePassword;
+
+    /**
+     *
+     *
+     * The type of trust store, default is JKS

Review comment:
       Since Java 9 it is no longer JKS by default: http://openjdk.java.net/jeps/229

##########
File path: maven-settings/src/main/mdo/settings.mdo
##########
@@ -580,6 +580,92 @@
             ]]>
           </description>
         </field>
+         
+        
+         <field>
+          <name>trustStore</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The path to the trust store. If not defined, the JRE's cacert store is used.
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStorePassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The password to the trust store. 
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStoreType</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The type of trust store, default is JKS

Review comment:
       fix default

##########
File path: maven-artifact/src/main/java/org/apache/maven/artifact/repository/Authentication.java
##########
@@ -125,5 +126,301 @@ public void setPrivateKey( final String privateKey )
     {
         this.privateKey = privateKey;
     }
+    
+    
+     /**
+     *
+     *
+     * The path to the trust store. If not defined, the JRE's cacert store is
+     * used.
+     *
+     *
+     */
+    private String trustStore;
+
+    /**
+     *
+     *
+     * The password to the trust store.
+     *
+     *
+     */
+    private String trustStorePassword;
+
+    /**
+     *
+     *
+     * The type of trust store, default is JKS
+     *
+     * .
+     */
+    private String trustStoreType;
+
+    /**
+     *
+     *
+     * The path to the keystore used for authentication purposes, or null
+     *
+     * .
+     */
+    private String keyStore;
+
+    /**
+     *
+     *
+     * Keystore password, can be null
+     *
+     * .
+     */
+    private String keyStorePassword;
+
+    /**
+     *
+     *
+     * Keystore if the key store has multiple key pairs, this can be used to
+     * explicitly select a specific certificate via it's alias. If null, the
+     * most appropriate certificate is automatically selected by the SSL Factory
+     *
+     * .
+     */
+    private String keyAlias;
+
+    /**
+     *
+     *
+     * The password to unlock the key, can be null
+     *
+     * .
+     */
+    private String keyPassword;
+
+    /**
+     *
+     *
+     * The key store type, defaults to JKS
+     *
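Review bot: the keyAlias Javadoc covers only the null case ("If null, the most appropriate certificate is automatically selected by the SSL Factory") and does not say what happens when an alias is configured but the key store has no entry under it. For per-endpoint client authentication that case should be documented, preferably as a failure rather than a fallback to another key pair. In the same comment, "it's alias" should be "its alias", and the `* .` lines in the trustStoreType, keyStore, keyStorePassword, keyAlias and keyPassword comments can be dropped.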

Review comment:
       Same as above. Changed in Java 9

##########
File path: maven-settings/src/main/mdo/settings.mdo
##########
@@ -580,6 +580,92 @@
             ]]>
           </description>
         </field>
+         
+        
+         <field>
+          <name>trustStore</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The path to the trust store. If not defined, the JRE's cacert store is used.
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStorePassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The password to the trust store. 
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>trustStoreType</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The type of trust store, default is JKS
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyStore</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The path to the keystore used for authentication purposes, or null
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        
+        <field>
+          <name>keyStorePassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            Keystore password, can be null
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyAlias</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            Keystore if the key store has multiple key pairs, this can be used to explicitly
+            select a specific certificate via it's alias. If null, the most appropriate
+            certificate is automatically selected by the SSL Factory
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyPassword</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The password to unlock the key, can be null
+            ]]>
+          </description>
+          <type>String</type>
+        </field>
+        <field>
+          <name>keyStoreType</name>
+          <version>1.0.0+</version>
+          <description>
+            <![CDATA[
+            The key store type, defaults to JKS
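Review bot: the descriptions of trustStorePassword, keyStorePassword and keyPassword say only that each is a password (the last two add that it can be null); none states whether the value may be stored encrypted in settings.xml in the way the existing server password can. The DefaultRepositorySystemSessionFactory hunk iterates over `decrypted.getServers()`, so please say in each description whether these new fields go through that decryption; without it, readers of the settings reference will assume the passwords have to be written in clear text.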

Review comment:
       Default changed in Java 9



