Class GpgSignatureValidator
java.lang.Object
org.wildfly.channel.gpg.GpgSignatureValidator
- All Implemented Interfaces:
SignatureValidator
Implementation of a GPG signature validator.
Uses a combination of a local
GpgKeystore and GPG keyservers to resolve certificates.
To resolve a public key required by the artifact signature:
- check if the key is present in the local GpgKeystore.
- check if one of the configured remote keystores contains the key.
- try to download the keys linked in the
gpgUrls
GpgKeystore acts as a source of trusted keys. A new key, resolved from either the keyserver or
the gpgUrls is added to the GpgKeystore and used in subsequent checks.-
Nested Class Summary
Nested classes/interfaces inherited from interface org.wildfly.channel.spi.SignatureValidator
SignatureValidator.SignatureException -
Field Summary
Fields inherited from interface org.wildfly.channel.spi.SignatureValidator
REJECTING_VALIDATOR -
Constructor Summary
ConstructorsConstructorDescriptionGpgSignatureValidator(GpgKeystore keystore) GpgSignatureValidator(GpgKeystore keystore, Keyserver keyserver) -
Method Summary
Modifier and TypeMethodDescriptionvoidaddListener(GpgSignatureValidatorListener listener) validateSignature(ArtifactIdentifier artifactId, InputStream artifactStream, InputStream signatureStream, List<String> gpgUrls)
-
Constructor Details
-
GpgSignatureValidator
-
GpgSignatureValidator
-
-
Method Details
-
addListener
-
validateSignature
public SignatureResult validateSignature(ArtifactIdentifier artifactId, InputStream artifactStream, InputStream signatureStream, List<String> gpgUrls) throws SignatureValidator.SignatureException - Specified by:
validateSignaturein interfaceSignatureValidator- Throws:
SignatureValidator.SignatureException
-