Merge pull request OpenLiberty#848 from jjiwooLim/verifySig

Enable feature signature verification

.github/workflows/gradle.yml

@@ -163,10 +163,10 @@ jobs:
     - name: Copy build/report/tests/test for upload
       if: ${{ failure() }}
       working-directory: C:/ci.gradle
-      run: cp -r build/reports/tests/test D:/buildReports/${{runner.os}}/java${{matrix.java}}/${{matrix.RUNTIME}}-${{matrix.RUNTIME_VERSION}}/      
+      run: cp -r build/reports/tests/test D:/buildReports/${{runner.os}}/java${{matrix.java}}/${{matrix.RUNTIME}}-${{matrix.RUNTIME_VERSION}}/
     - uses: actions/upload-artifact@v3
       if: ${{ failure() }}
       with:
         name: buildReportsArtifactWindows
         path: D:/buildReports
-        retention-days: 3
+        retention-days: 3

src/main/groovy/io/openliberty/tools/gradle/extensions/FeatureExtension.groovy

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corporation 2014, 2019.
+ * (C) Copyright IBM Corporation 2014, 2023.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,9 +16,9 @@
 package io.openliberty.tools.gradle.extensions
 
 class FeatureExtension {
-
     List<String> name
     boolean acceptLicense = false
     String to
     String from
+    String verify = "enforce"
 }

src/main/groovy/io/openliberty/tools/gradle/extensions/ServerExtension.groovy

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corporation 2017, 2020.
+ * (C) Copyright IBM Corporation 2017, 2023.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,6 +41,7 @@ class ServerExtension {
     Properties env = new Properties()
     Properties var = new Properties()
     Properties defaultVar = new Properties()
+    Properties keys = new Properties()
 
     boolean clean = false
     String timeout

src/main/groovy/io/openliberty/tools/gradle/tasks/AbstractFeatureTask.groovy

@@ -23,6 +23,7 @@ import io.openliberty.tools.common.plugins.util.PluginExecutionException
 import io.openliberty.tools.common.plugins.util.PluginScenarioException
 import io.openliberty.tools.common.plugins.util.ServerFeatureUtil
 import io.openliberty.tools.gradle.utils.ArtifactDownloadUtil
+import java.util.Map.Entry
 import org.gradle.api.Project
 import org.gradle.api.logging.LogLevel
 import org.gradle.api.tasks.Internal
@@ -42,6 +43,7 @@ public class AbstractFeatureTask extends AbstractServerTask {
 
     private ServerFeatureUtil servUtil;
 
+
 	@Internal
  	String jsonCoordinate;
 
@@ -108,8 +110,8 @@ public class AbstractFeatureTask extends AbstractServerTask {
     }
 
     private class InstallFeatureTaskUtil extends InstallFeatureUtil {
-        public InstallFeatureTaskUtil(File installDir, File buildDir, String from, String to, Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons)  throws PluginScenarioException, PluginExecutionException {
-            super(installDir, buildDir, from, to, pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons)
+        public InstallFeatureTaskUtil(File installDir, File buildDir, String from, String to, Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons, String verify, Collection<Map<String,String>> keyMap)  throws PluginScenarioException, PluginExecutionException {
+            super(installDir, buildDir, from, to, pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons, verify, keyMap)
             setContainerEngine(this);
         }
 
@@ -174,6 +176,11 @@ public class AbstractFeatureTask extends AbstractServerTask {
  			}
  			return ArtifactDownloadUtil.downloadArtifact(project, groupId, artifactId, type, version);
  		}
+
+		 @Override
+		 public File downloadSignature(File esa, String groupId, String artifactId, String type, String version) throws PluginExecutionException {
+			 return ArtifactDownloadUtil.downloadSignature(project, groupId, artifactId, type, version, esa);
+		 }
     }
 
     protected Set<String> getPluginListedFeatures(boolean findEsaFiles) {
@@ -239,6 +246,33 @@ public class AbstractFeatureTask extends AbstractServerTask {
         Set<String> featuresToInstall = util.combineToSet(pluginListedFeatures, dependencyFeatures, serverFeatures)
         return featuresToInstall
     }
+
+	/*
+	 * 
+	 */
+	@Internal
+	protected Collection<Map<String, String>> getKeyMap(){
+		Collection<Map<String,String>> keyMapList = new ArrayList<>();
+		if(server.keys == null) {
+			logger.debug("liberty.keys property map is empty")
+			return keyMapList;
+
+		}
+
+		Set<Entry<Object, Object>> entries = server.keys.entrySet()
+		for (Entry<Object, Object> entry : entries) {
+			Map<String, String> keyMap = new HashMap<>();
+			String key = (String) entry.getKey()
+			Object value = entry.getValue()
+			if (value != null) {
+				logger.debug("keyID : " + key + "\tkeyURL : " + value.toString())
+				keyMap.put("keyid", key)
+				keyMap.put("keyurl", value.toString())
+			}
+			keyMapList.add(keyMap)
+		}
+		return keyMapList;
+	}
 
     /**
      * Get a new instance of ServerFeatureUtil
@@ -260,9 +294,10 @@ public class AbstractFeatureTask extends AbstractServerTask {
         return servUtil;
     }
 
-    private void createNewInstallFeatureUtil(Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons) throws PluginExecutionException {
+    private void createNewInstallFeatureUtil(Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons, Collection<Map<String,String>> keyMap) throws PluginExecutionException {
         try {
-            util = new InstallFeatureTaskUtil(getInstallDir(project), project.getBuildDir(), server.features.from, server.features.to, pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons)
+			logger.info("Feature signature verify option: " + server.features.verify)
+            util = new InstallFeatureTaskUtil(getInstallDir(project), project.getBuildDir(), server.features.from, server.features.to, pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons, server.features.verify, keyMap)
         } catch (PluginScenarioException e) {
             logger.debug("Exception received: " + e.getMessage(), (Throwable) e)
             logger.debug("Installing features from installUtility.")
@@ -283,13 +318,14 @@ public class AbstractFeatureTask extends AbstractServerTask {
                 openLibertyVersion = InstallFeatureUtil.getOpenLibertyVersion(propertiesList)
             }
             def additionalJsons = getAdditionalJsonList()
-            createNewInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVersion, containerName, additionalJsons)
+			Collection<Map<String,String>> keyMap = getKeyMap();
+            createNewInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVersion, containerName, additionalJsons, keyMap)
         }
         return util;
     }
 
-    protected InstallFeatureUtil getInstallFeatureUtil(Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons) throws PluginExecutionException {
-        createNewInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons)
+    protected InstallFeatureUtil getInstallFeatureUtil(Set<String> pluginListedEsas, List<ProductProperties> propertiesList, String openLibertyVerion, String containerName, List<String> additionalJsons, Collection<Map<String,String>> keyMap) throws PluginExecutionException {
+        createNewInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVerion, containerName, additionalJsons, keyMap)
         return util
     }
 

src/main/groovy/io/openliberty/tools/gradle/tasks/AbstractServerTask.groovy

@@ -60,7 +60,7 @@ abstract class AbstractServerTask extends AbstractLibertyTask {
 
     protected final String HEADER = "# Generated by liberty-gradle-plugin"
 
-    private static final String LIBERTY_CONFIG_GRADLE_PROPS = "(^liberty\\.server\\.(env|jvmOptions|bootstrapProperties|var|defaultVar))\\.(.+)"
+    private static final String LIBERTY_CONFIG_GRADLE_PROPS = "(^liberty\\.server\\.(env|jvmOptions|bootstrapProperties|var|defaultVar|keys))\\.(.+)"
     private static final Pattern pattern = Pattern.compile(LIBERTY_CONFIG_GRADLE_PROPS)
 
     protected final String PLUGIN_VARIABLE_CONFIG_OVERRIDES_XML = "configDropins/overrides/liberty-plugin-variable-config.xml"

src/main/groovy/io/openliberty/tools/gradle/tasks/InstallFeatureTask.groovy

@@ -17,6 +17,7 @@ package io.openliberty.tools.gradle.tasks
 
 import java.util.Set
 
+
 import org.gradle.api.artifacts.ResolveException
 import org.gradle.api.logging.LogLevel
 import org.gradle.api.tasks.TaskAction
@@ -44,7 +45,7 @@ class InstallFeatureTask extends AbstractFeatureTask {
     }
 
     @TaskAction
-    void installFeature() {
+    void installFeature() throws PluginExecutionException {
         // If non-container mode, check for Beta version and skip if needed.  Container mode does not need to check since featureUtility will check when it is called.
         def propertiesList = null;
         def openLibertyVersion = null;
@@ -64,8 +65,9 @@ class InstallFeatureTask extends AbstractFeatureTask {
         }
 
         def pluginListedEsas = getPluginListedFeatures(true)
-		def additionalJsons = getAdditionalJsonList();
-        InstallFeatureUtil util = getInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVersion, containerName, additionalJsons)
+        def additionalJsons = getAdditionalJsonList();
+        def keyMap = getKeyMap();
+        InstallFeatureUtil util = getInstallFeatureUtil(pluginListedEsas, propertiesList, openLibertyVersion, containerName, additionalJsons, keyMap)
 
 		if(!pluginListedEsas.isEmpty() && isClosedLiberty) {
 			installFeaturesFromAnt = true;

src/main/groovy/io/openliberty/tools/gradle/utils/ArtifactDownloadUtil.groovy

@@ -15,12 +15,13 @@
  */
 package io.openliberty.tools.gradle.utils
 
+import org.apache.commons.io.FileUtils
 import org.gradle.api.Project
 import org.gradle.api.artifacts.ResolveException
 import io.openliberty.tools.common.plugins.util.PluginExecutionException
+import org.gradle.internal.resolve.ArtifactNotFoundException
 
 public class ArtifactDownloadUtil {
-
     public static File downloadArtifact(Project project, String groupId, String artifactId, String type, String version) throws PluginExecutionException {
         String coordinates = groupId + ":" + artifactId + ":" + version + "@" + type
         def dep = project.dependencies.create(coordinates)
@@ -36,6 +37,20 @@ public class ArtifactDownloadUtil {
 
         return downloadFile(project, config, coordinates)
     }
+
+	public static File downloadSignature(Project project, String groupId, String artifactId, String type, String version, File esa) throws PluginExecutionException {
+        String coordinates = groupId + ":" + artifactId + ":" + version + "@" + type
+		def dep = project.dependencies.create(coordinates)
+		def config = project.configurations.detachedConfiguration(dep)
+		def sig = downloadFile(project, config, coordinates);
+		//if signature and esa file are not in same directory, copy signature file to esa parent directory.
+		if (!sig.getParent().equals(esa.getParent())) {
+            project.getLogger().debug("Copying " + sig + " to " + esa.getAbsolutePath() + ".asc")
+			FileUtils.copyFile(sig, new File(esa.getAbsolutePath() + ".asc"))
+		}
+		return sig
+
+	}
 
     private static File downloadFile(project, config, coordinates) {
         Set<File> files = new HashSet<File>()
@@ -45,7 +60,7 @@ public class ArtifactDownloadUtil {
                 files.add(artifactFile)
                 project.getLogger().debug(artifactFile.toString())
             }
-        } catch (ResolveException e) {
+        } catch (ResolveException | ArtifactNotFoundException e) {
             throw new PluginExecutionException("Could not find artifact with coordinates " + coordinates, e)
         }
 

src/test/groovy/io/openliberty/tools/gradle/InstallFeature_single.groovy

@@ -2,6 +2,7 @@ package io.openliberty.tools.gradle
 
 import static org.junit.Assert.*
 
+import org.junit.AfterClass
 import org.junit.BeforeClass
 import org.junit.FixMethodOrder
 import org.junit.Test
@@ -21,6 +22,11 @@ class InstallFeature_single extends AbstractIntegrationTest{
         createDir(buildDir)
         copySettingsFile(resourceDir, buildDir)
     }
+
+    @AfterClass
+    public static void cleanup() {
+        deleteDir(new File(mavenLocalRepo, "test/user/test/osgi"));
+    }
 
     @Test
     public void test_installFeature_single() {
@@ -57,4 +63,6 @@ class InstallFeature_single extends AbstractIntegrationTest{
 		runTasks(buildDir, 'installFeature')
 		assert simpleFile.exists() : "test.user.test.osgi.SimpleActivator.mf is not installed"
 	}
+
+
 }

src/test/groovy/io/openliberty/tools/gradle/PrepareFeatureTest.groovy

@@ -2,7 +2,7 @@ package io.openliberty.tools.gradle
 
 import static org.junit.Assert.*
 
-import org.junit.Before
+import org.junit.BeforeClass
 import org.junit.AfterClass
 import org.junit.FixMethodOrder
 import org.junit.Test
@@ -38,8 +38,8 @@ class PrepareFeatureTest extends AbstractIntegrationTest{
 	}
 
 
-    @Before
-    public void setup() {
+    @BeforeClass
+    public static void setup() {
 		org.junit.Assume.assumeTrue(checkOpenLibertyVersion());
         createDir(buildDirSingle)
         createDir(buildDirMultiple)
@@ -51,7 +51,6 @@ class PrepareFeatureTest extends AbstractIntegrationTest{
 		copyFile(resourceHelloEsa, helloEsa)
         copyFile(resourceSimpleBom, simpleBom)
 		copyFile(resourceSimpleEsa, simpleEsa)	
-
     }
 
 
@@ -115,5 +114,6 @@ class PrepareFeatureTest extends AbstractIntegrationTest{
 			throw new AssertionError ("Fail to install multiple user features.", e)
 		}
 	}
+
 
 }