[MRESOLVER-516] Align GPG generator #448
Conversation
Align with latest changes. Also, trivial fix to align doco generator, now "java.lang." prefix is stripped off to align all the doco. --- https://issues.apache.org/jira/browse/MRESOLVER-516
maven-resolver-tools/src/main/java/org/eclipse/aether/tools/CollectConfiguration.java
Outdated
Show resolved
Hide resolved
| public boolean isInteractive() { | ||
| return false; | ||
| } | ||
| private static final long MAX_SIZE = 16 * 1024 + 1L; |
There was a problem hiding this comment.
My signing key is 12k... It does not give much room.
There was a problem hiding this comment.
See https://wiki.gnupg.org/LargeKeys
In other words, use Ed25519 key, and leave RSA ones (that are 60 times slower as well) to oblivion. Btw, GnuPG 2.4.x (unsure here, maybe since 2.1, or 2.2 or 2.3?) by default generates Ed25519 keys (unless explicitly asked for RSA). The RSA keys are slowly being phased out.
| + "+to+use+it+for+signing+Maven+Artifacts\n"; | ||
| os.write((instruction).getBytes()); | ||
| os.flush(); | ||
| return new String(Hex.decode(expectOK(in).trim())); | ||
| String pw = mayExpectOK(in); |
There was a problem hiding this comment.
From a security perspective, I think it's better to keep char[] or byte[] rather than a String when carrying passwords.
There was a problem hiding this comment.
Especially, if we call getChars() a few lines later...
There was a problem hiding this comment.
So just return Hex.decode(pw.trim()) below...
| } | ||
| if (Files.isRegularFile(keyPath)) { | ||
| if (Files.size(keyPath) < MAX_SIZE) { | ||
| return Files.readAllBytes(keyPath); | ||
| } else { | ||
| logger.warn("Refusing to load key {}; is larger than 5KB", keyPath); | ||
| logger.warn("Refusing to load file {}; is larger than 64KB", keyPath); |
There was a problem hiding this comment.
Ok, that looks really non standard... Honestly, it's the first time I see this notation. To refer to something we don't care, I'd rather make the MAX_SIZE = 64000 just to keep 64 kB
| } | ||
| if (Files.isRegularFile(keyPath)) { | ||
| if (Files.size(keyPath) < MAX_SIZE) { | ||
| return Files.readAllBytes(keyPath); | ||
| } else { | ||
| logger.warn("Refusing to load key {}; is larger than 5KB", keyPath); | ||
| logger.warn("Refusing to load file {}; is larger than 64KiB", keyPath); |
There was a problem hiding this comment.
The space missing as provided before
And 64kB was always 64kB (64 * 1024).
|
Anything else important around here? Would like to cut next alpha ASAP |
Align with latest changes. Also, trivial fix to align doco generator, now "java.lang." prefix is stripped off to align all the doco.
https://issues.apache.org/jira/browse/MRESOLVER-516