[MNG-8415] Add constant for the security settings xml file (#1956)

* Add a constant for the security settings file * Avoid usage of system properties by using the ProtoSession * Regen
2024-12-09 13:19:44 +01:00 · 2024-12-09 13:19:44 +01:00 · 1b5b5c8f9e
parent 17b2f38142
commit 1b5b5c8f9e
6 changed files with 113 additions and 101 deletions
--- a/api/maven-api-core/src/main/java/org/apache/maven/api/Constants.java
+++ b/api/maven-api-core/src/main/java/org/apache/maven/api/Constants.java
@ -136,7 +136,7 @@ public final class Constants {
     *
     * @since 4.0.0
     */
-    @Config(defaultValue = "${maven.user.home}/toolchains.xml")
+    @Config(defaultValue = "${maven.user.conf}/toolchains.xml")
    public static final String MAVEN_USER_TOOLCHAINS = "maven.user.toolchains";

    /**
@ -145,6 +145,11 @@ public final class Constants {
    @Config
    public static final String MAVEN_EXT_CLASS_PATH = "maven.ext.class.path";

+    @Config(defaultValue = "${maven.user.conf}/settings-security4.xml")
+    public static final String MAVEN_SETTINGS_SECURITY = "maven.settings.security";
+
+    public static final String MAVEN_SETTINGS_SECURITY_FILE_NAME = "settings-security4.xml";
+
    public static final String MAVEN_STYLE_PREFIX = "maven.style.";

    // Style Names
--- a/impl/maven-impl/src/main/java/org/apache/maven/internal/impl/DefaultSettingsBuilder.java
+++ b/impl/maven-impl/src/main/java/org/apache/maven/internal/impl/DefaultSettingsBuilder.java
@ -32,6 +32,8 @@ import java.util.Map;
 import java.util.function.Function;
 import java.util.function.Supplier;

+import org.apache.maven.api.Constants;
+import org.apache.maven.api.ProtoSession;
 import org.apache.maven.api.di.Inject;
 import org.apache.maven.api.di.Named;
 import org.apache.maven.api.services.BuilderProblem;
@ -53,7 +55,9 @@ import org.apache.maven.api.settings.Settings;
 import org.apache.maven.internal.impl.model.DefaultInterpolator;
 import org.apache.maven.settings.v4.SettingsMerger;
 import org.apache.maven.settings.v4.SettingsTransformer;
+import org.codehaus.plexus.components.secdispatcher.Dispatcher;
 import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
+import org.codehaus.plexus.components.secdispatcher.internal.DefaultSecDispatcher;

 /**
 * Builds the effective settings from a user settings file and/or a global settings file.
@ -70,14 +74,13 @@ public class DefaultSettingsBuilder implements SettingsBuilder {

    private final Interpolator interpolator;

-    private final SecDispatcher secDispatcher;
+    private final Map<String, Dispatcher> dispatchers;

    /**
-     * This ctor is used in legacy components, and when in legacy, {@link SecDispatcher} is {@code null} and
-     * Maven3 exposes decryption with other means.
+     * This ctor is used in legacy components.
     */
    public DefaultSettingsBuilder() {
-        this(new DefaultSettingsXmlFactory(), new DefaultInterpolator(), null);
+        this(new DefaultSettingsXmlFactory(), new DefaultInterpolator(), Map.of());
    }

    /**
@ -85,10 +88,10 @@ public class DefaultSettingsBuilder implements SettingsBuilder {
     */
    @Inject
    public DefaultSettingsBuilder(
-            SettingsXmlFactory settingsXmlFactory, Interpolator interpolator, SecDispatcher secDispatcher) {
+            SettingsXmlFactory settingsXmlFactory, Interpolator interpolator, Map<String, Dispatcher> dispatchers) {
        this.settingsXmlFactory = settingsXmlFactory;
        this.interpolator = interpolator;
-        this.secDispatcher = secDispatcher;
+        this.dispatchers = dispatchers;
    }

    @Override
@ -266,9 +269,10 @@ public class DefaultSettingsBuilder implements SettingsBuilder {

    private Settings decrypt(
            Source settingsSource, Settings settings, SettingsBuilderRequest request, List<BuilderProblem> problems) {
-        if (secDispatcher == null) {
+        if (dispatchers.isEmpty()) {
            return settings;
        }
+        SecDispatcher secDispatcher = new DefaultSecDispatcher(dispatchers, getSecuritySettings(request.getSession()));
        Function<String, String> decryptFunction = str -> {
            if (secDispatcher.isAnyEncryptedString(str)) {
                if (secDispatcher.isLegacyEncryptedString(str)) {
@ -299,6 +303,19 @@ public class DefaultSettingsBuilder implements SettingsBuilder {
        return new SettingsTransformer(decryptFunction).visit(settings);
    }

+    private Path getSecuritySettings(ProtoSession session) {
+        Map<String, String> properties = session.getUserProperties();
+        String settingsSecurity = properties.get(Constants.MAVEN_SETTINGS_SECURITY);
+        if (settingsSecurity != null) {
+            return Paths.get(settingsSecurity);
+        }
+        String mavenUserConf = properties.get(Constants.MAVEN_USER_CONF);
+        if (mavenUserConf != null) {
+            return Paths.get(mavenUserConf, Constants.MAVEN_SETTINGS_SECURITY_FILE_NAME);
+        }
+        return Paths.get(properties.get("user.home"), ".m2", Constants.MAVEN_SETTINGS_SECURITY_FILE_NAME);
+    }
+
    @Override
    public List<BuilderProblem> validate(Settings settings, boolean isProjectSettings) {
        ArrayList<BuilderProblem> problems = new ArrayList<>();
--- a/impl/maven-impl/src/main/java/org/apache/maven/internal/impl/secdispatcher/SecDispatcherProvider.java
+++ b/impl/maven-impl/src/main/java/org/apache/maven/internal/impl/secdispatcher/SecDispatcherProvider.java
@ -18,18 +18,13 @@
 */
 package org.apache.maven.internal.impl.secdispatcher;

-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.Map;

-import org.apache.maven.api.Constants;
 import org.apache.maven.api.di.Named;
 import org.apache.maven.api.di.Provides;
 import org.codehaus.plexus.components.secdispatcher.Cipher;
 import org.codehaus.plexus.components.secdispatcher.Dispatcher;
 import org.codehaus.plexus.components.secdispatcher.MasterSource;
-import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
-import org.codehaus.plexus.components.secdispatcher.internal.DefaultSecDispatcher;
 import org.codehaus.plexus.components.secdispatcher.internal.cipher.AESGCMNoPadding;
 import org.codehaus.plexus.components.secdispatcher.internal.dispatchers.LegacyDispatcher;
 import org.codehaus.plexus.components.secdispatcher.internal.dispatchers.MasterDispatcher;
@ -45,13 +40,6 @@ import org.codehaus.plexus.components.secdispatcher.internal.sources.SystemPrope
@Named
 public class SecDispatcherProvider {

-    private static final String FILE_NAME = "settings-security4.xml";
-
-    @Provides
-    public static SecDispatcher secDispatcher(Map<String, Dispatcher> dispatchers) {
-        return new DefaultSecDispatcher(dispatchers, configurationFile());
-    }
-
    @Provides
    @Named(LegacyDispatcher.NAME)
    public static Dispatcher legacyDispatcher() {
@ -94,13 +82,4 @@ public class SecDispatcherProvider {
    public static MasterSource systemPropertyMasterSource() {
        return new SystemPropertyMasterSource();
    }
-
-    private static Path configurationFile() {
-        String mavenUserConf = System.getProperty(Constants.MAVEN_USER_CONF);
-        if (mavenUserConf != null) {
-            return Paths.get(mavenUserConf, FILE_NAME);
-        }
-        // this means we are in UT or alike
-        return Paths.get(System.getProperty("user.home"), ".m2", FILE_NAME);
-    }
 }
--- a/src/site/markdown/configuration.properties
+++ b/src/site/markdown/configuration.properties
@ -16,7 +16,7 @@
 # specific language governing permissions and limitations
 # under the License.
 #
-props.count = 42
+props.count = 43
 props.1.key = maven.build.timestamp.format
 props.1.configurationType = String
 props.1.description = Build timestamp format.
@ -166,105 +166,110 @@ props.25.description = User property for version filter expression used in sessi
 props.25.defaultValue = 
 props.25.since = 4.0.0
 props.25.configurationSource = User properties
-props.26.key = maven.style.color
+props.26.key = maven.settings.security
 props.26.configurationType = String
-props.26.description = Maven output color mode. Allowed values are <code>auto</code>, <code>always</code>, <code>never</code>.
-props.26.defaultValue = auto
-props.26.since = 4.0.0
+props.26.description = 
+props.26.defaultValue = ${maven.user.conf}/settings-security4.xml
 props.26.configurationSource = User properties
-props.27.key = maven.style.debug
+props.27.key = maven.style.color
 props.27.configurationType = String
-props.27.description = Color style for debug messages.
-props.27.defaultValue = bold,f:cyan
+props.27.description = Maven output color mode. Allowed values are <code>auto</code>, <code>always</code>, <code>never</code>.
+props.27.defaultValue = auto
 props.27.since = 4.0.0
 props.27.configurationSource = User properties
-props.28.key = maven.style.error
+props.28.key = maven.style.debug
 props.28.configurationType = String
-props.28.description = Color style for error messages.
-props.28.defaultValue = bold,f:red
+props.28.description = Color style for debug messages.
+props.28.defaultValue = bold,f:cyan
 props.28.since = 4.0.0
 props.28.configurationSource = User properties
-props.29.key = maven.style.failure
+props.29.key = maven.style.error
 props.29.configurationType = String
-props.29.description = Color style for failure messages.
+props.29.description = Color style for error messages.
 props.29.defaultValue = bold,f:red
 props.29.since = 4.0.0
 props.29.configurationSource = User properties
-props.30.key = maven.style.info
+props.30.key = maven.style.failure
 props.30.configurationType = String
-props.30.description = Color style for info messages.
-props.30.defaultValue = bold,f:blue
+props.30.description = Color style for failure messages.
+props.30.defaultValue = bold,f:red
 props.30.since = 4.0.0
 props.30.configurationSource = User properties
-props.31.key = maven.style.mojo
+props.31.key = maven.style.info
 props.31.configurationType = String
-props.31.description = Color style for mojo messages.
-props.31.defaultValue = f:green
+props.31.description = Color style for info messages.
+props.31.defaultValue = bold,f:blue
 props.31.since = 4.0.0
 props.31.configurationSource = User properties
-props.32.key = maven.style.project
+props.32.key = maven.style.mojo
 props.32.configurationType = String
-props.32.description = Color style for project messages.
-props.32.defaultValue = f:cyan
+props.32.description = Color style for mojo messages.
+props.32.defaultValue = f:green
 props.32.since = 4.0.0
 props.32.configurationSource = User properties
-props.33.key = maven.style.strong
+props.33.key = maven.style.project
 props.33.configurationType = String
-props.33.description = Color style for strong messages.
-props.33.defaultValue = bold
+props.33.description = Color style for project messages.
+props.33.defaultValue = f:cyan
 props.33.since = 4.0.0
 props.33.configurationSource = User properties
-props.34.key = maven.style.success
+props.34.key = maven.style.strong
 props.34.configurationType = String
-props.34.description = Color style for success messages.
-props.34.defaultValue = bold,f:green
+props.34.description = Color style for strong messages.
+props.34.defaultValue = bold
 props.34.since = 4.0.0
 props.34.configurationSource = User properties
-props.35.key = maven.style.trace
+props.35.key = maven.style.success
 props.35.configurationType = String
-props.35.description = Color style for trace messages.
-props.35.defaultValue = bold,f:magenta
+props.35.description = Color style for success messages.
+props.35.defaultValue = bold,f:green
 props.35.since = 4.0.0
 props.35.configurationSource = User properties
-props.36.key = maven.style.transfer
+props.36.key = maven.style.trace
 props.36.configurationType = String
-props.36.description = Color style for transfer messages.
-props.36.defaultValue = f:bright-black
+props.36.description = Color style for trace messages.
+props.36.defaultValue = bold,f:magenta
 props.36.since = 4.0.0
 props.36.configurationSource = User properties
-props.37.key = maven.style.warning
+props.37.key = maven.style.transfer
 props.37.configurationType = String
-props.37.description = Color style for warning messages.
-props.37.defaultValue = bold,f:yellow
+props.37.description = Color style for transfer messages.
+props.37.defaultValue = f:bright-black
 props.37.since = 4.0.0
 props.37.configurationSource = User properties
-props.38.key = maven.user.conf
+props.38.key = maven.style.warning
 props.38.configurationType = String
-props.38.description = Maven user configuration directory.
-props.38.defaultValue = ${user.home}/.m2
+props.38.description = Color style for warning messages.
+props.38.defaultValue = bold,f:yellow
 props.38.since = 4.0.0
 props.38.configurationSource = User properties
-props.39.key = maven.user.extensions
+props.39.key = maven.user.conf
 props.39.configurationType = String
-props.39.description = Maven user extensions.
-props.39.defaultValue = ${maven.user.conf}/extensions.xml
+props.39.description = Maven user configuration directory.
+props.39.defaultValue = ${user.home}/.m2
 props.39.since = 4.0.0
 props.39.configurationSource = User properties
-props.40.key = maven.user.settings
+props.40.key = maven.user.extensions
 props.40.configurationType = String
-props.40.description = Maven user settings.
-props.40.defaultValue = ${maven.user.conf}/settings.xml
+props.40.description = Maven user extensions.
+props.40.defaultValue = ${maven.user.conf}/extensions.xml
 props.40.since = 4.0.0
 props.40.configurationSource = User properties
-props.41.key = maven.user.toolchains
+props.41.key = maven.user.settings
 props.41.configurationType = String
-props.41.description = Maven user toolchains.
-props.41.defaultValue = ${maven.user.home}/toolchains.xml
+props.41.description = Maven user settings.
+props.41.defaultValue = ${maven.user.conf}/settings.xml
 props.41.since = 4.0.0
 props.41.configurationSource = User properties
-props.42.key = maven.versionResolver.noCache
-props.42.configurationType = Boolean
-props.42.description = User property for disabling version resolver cache.
-props.42.defaultValue = false
-props.42.since = 3.0.0
+props.42.key = maven.user.toolchains
+props.42.configurationType = String
+props.42.description = Maven user toolchains.
+props.42.defaultValue = ${maven.user.conf}/toolchains.xml
+props.42.since = 4.0.0
 props.42.configurationSource = User properties
+props.43.key = maven.versionResolver.noCache
+props.43.configurationType = Boolean
+props.43.description = User property for disabling version resolver cache.
+props.43.defaultValue = false
+props.43.since = 3.0.0
+props.43.configurationSource = User properties
--- a/src/site/markdown/configuration.yaml
+++ b/src/site/markdown/configuration.yaml
@ -166,6 +166,11 @@ props:
      defaultValue: 
      since: 4.0.0
      configurationSource: User properties
+    - key: maven.settings.security
+      configurationType: String
+      description: ""
+      defaultValue: ${maven.user.conf}/settings-security4.xml
+      configurationSource: User properties
    - key: maven.style.color
      configurationType: String
      description: "Maven output color mode. Allowed values are <code>auto</code>, <code>always</code>, <code>never</code>."
@ -259,7 +264,7 @@ props:
    - key: maven.user.toolchains
      configurationType: String
      description: "Maven user toolchains."
-      defaultValue: ${maven.user.home}/toolchains.xml
+      defaultValue: ${maven.user.conf}/toolchains.xml
      since: 4.0.0
      configurationSource: User properties
    - key: maven.versionResolver.noCache
--- a/src/site/markdown/maven-configuration.md
+++ b/src/site/markdown/maven-configuration.md
@ -50,21 +50,22 @@ under the License.
 | 23. | `maven.resolver.dependencyManagerTransitivity` | `String` | User property for selecting dependency manager behaviour regarding transitive dependencies and dependency management entries in their POMs. Maven 3 targeted full backward compatibility with Maven2, hence it ignored dependency management entries in transitive dependency POMs. Maven 4 enables "transitivity" by default, hence unlike Maven2, obeys dependency management entries deep in dependency graph as well. <br/> Default: <code>"true"</code>. |  `true`  | 4.0.0 | User properties |
 | 24. | `maven.resolver.transport` | `String` | Resolver transport to use. Can be <code>default</code>, <code>wagon</code>, <code>apache</code>, <code>jdk</code> or <code>auto</code>. |  `default`  | 4.0.0 | User properties |
 | 25. | `maven.session.versionFilter` | `String` | User property for version filter expression used in session, applied to resolving ranges: a semicolon separated list of filters to apply. By default, no version filter is applied (like in Maven 3). <br/> Supported filters: <ul> <li>"h" or "h(num)" - highest version or top list of highest ones filter</li> <li>"l" or "l(num)" - lowest version or bottom list of lowest ones filter</li> <li>"s" - contextual snapshot filter</li> <li>"e(G:A:V)" - predicate filter (leaves out G:A:V from range, if hit, V can be range)</li> </ul> Example filter expression: <code>"h(5);s;e(org.foo:bar:1)</code> will cause: ranges are filtered for "top 5" (instead full range), snapshots are banned if root project is not a snapshot, and if range for <code>org.foo:bar</code> is being processed, version 1 is omitted. Value in this property builds <code>org.eclipse.aether.collection.VersionFilter</code> instance. |  -  | 4.0.0 | User properties |
-| 26. | `maven.style.color` | `String` | Maven output color mode. Allowed values are <code>auto</code>, <code>always</code>, <code>never</code>. |  `auto`  | 4.0.0 | User properties |
-| 27. | `maven.style.debug` | `String` | Color style for debug messages. |  `bold,f:cyan`  | 4.0.0 | User properties |
-| 28. | `maven.style.error` | `String` | Color style for error messages. |  `bold,f:red`  | 4.0.0 | User properties |
-| 29. | `maven.style.failure` | `String` | Color style for failure messages. |  `bold,f:red`  | 4.0.0 | User properties |
-| 30. | `maven.style.info` | `String` | Color style for info messages. |  `bold,f:blue`  | 4.0.0 | User properties |
-| 31. | `maven.style.mojo` | `String` | Color style for mojo messages. |  `f:green`  | 4.0.0 | User properties |
-| 32. | `maven.style.project` | `String` | Color style for project messages. |  `f:cyan`  | 4.0.0 | User properties |
-| 33. | `maven.style.strong` | `String` | Color style for strong messages. |  `bold`  | 4.0.0 | User properties |
-| 34. | `maven.style.success` | `String` | Color style for success messages. |  `bold,f:green`  | 4.0.0 | User properties |
-| 35. | `maven.style.trace` | `String` | Color style for trace messages. |  `bold,f:magenta`  | 4.0.0 | User properties |
-| 36. | `maven.style.transfer` | `String` | Color style for transfer messages. |  `f:bright-black`  | 4.0.0 | User properties |
-| 37. | `maven.style.warning` | `String` | Color style for warning messages. |  `bold,f:yellow`  | 4.0.0 | User properties |
-| 38. | `maven.user.conf` | `String` | Maven user configuration directory. |  `${user.home}/.m2`  | 4.0.0 | User properties |
-| 39. | `maven.user.extensions` | `String` | Maven user extensions. |  `${maven.user.conf}/extensions.xml`  | 4.0.0 | User properties |
-| 40. | `maven.user.settings` | `String` | Maven user settings. |  `${maven.user.conf}/settings.xml`  | 4.0.0 | User properties |
-| 41. | `maven.user.toolchains` | `String` | Maven user toolchains. |  `${maven.user.home}/toolchains.xml`  | 4.0.0 | User properties |
-| 42. | `maven.versionResolver.noCache` | `Boolean` | User property for disabling version resolver cache. |  `false`  | 3.0.0 | User properties |
+| 26. | `maven.settings.security` | `String` |  |  `${maven.user.conf}/settings-security4.xml`  |  | User properties |
+| 27. | `maven.style.color` | `String` | Maven output color mode. Allowed values are <code>auto</code>, <code>always</code>, <code>never</code>. |  `auto`  | 4.0.0 | User properties |
+| 28. | `maven.style.debug` | `String` | Color style for debug messages. |  `bold,f:cyan`  | 4.0.0 | User properties |
+| 29. | `maven.style.error` | `String` | Color style for error messages. |  `bold,f:red`  | 4.0.0 | User properties |
+| 30. | `maven.style.failure` | `String` | Color style for failure messages. |  `bold,f:red`  | 4.0.0 | User properties |
+| 31. | `maven.style.info` | `String` | Color style for info messages. |  `bold,f:blue`  | 4.0.0 | User properties |
+| 32. | `maven.style.mojo` | `String` | Color style for mojo messages. |  `f:green`  | 4.0.0 | User properties |
+| 33. | `maven.style.project` | `String` | Color style for project messages. |  `f:cyan`  | 4.0.0 | User properties |
+| 34. | `maven.style.strong` | `String` | Color style for strong messages. |  `bold`  | 4.0.0 | User properties |
+| 35. | `maven.style.success` | `String` | Color style for success messages. |  `bold,f:green`  | 4.0.0 | User properties |
+| 36. | `maven.style.trace` | `String` | Color style for trace messages. |  `bold,f:magenta`  | 4.0.0 | User properties |
+| 37. | `maven.style.transfer` | `String` | Color style for transfer messages. |  `f:bright-black`  | 4.0.0 | User properties |
+| 38. | `maven.style.warning` | `String` | Color style for warning messages. |  `bold,f:yellow`  | 4.0.0 | User properties |
+| 39. | `maven.user.conf` | `String` | Maven user configuration directory. |  `${user.home}/.m2`  | 4.0.0 | User properties |
+| 40. | `maven.user.extensions` | `String` | Maven user extensions. |  `${maven.user.conf}/extensions.xml`  | 4.0.0 | User properties |
+| 41. | `maven.user.settings` | `String` | Maven user settings. |  `${maven.user.conf}/settings.xml`  | 4.0.0 | User properties |
+| 42. | `maven.user.toolchains` | `String` | Maven user toolchains. |  `${maven.user.conf}/toolchains.xml`  | 4.0.0 | User properties |
+| 43. | `maven.versionResolver.noCache` | `Boolean` | User property for disabling version resolver cache. |  `false`  | 3.0.0 | User properties |