[
https://issues.apache.org/jira/browse/MJARSIGNER-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17797211#comment-17797211
]
ASF GitHub Bot commented on MJARSIGNER-72:
------------------------------------------
schedin commented on code in PR #18:
URL:
https://github.com/apache/maven-jarsigner-plugin/pull/18#discussion_r1428049351
##########
src/main/java/org/apache/maven/plugins/jarsigner/AbstractJarsignerMojo.java:
##########
@@ -279,73 +280,78 @@ public final void execute() throws MojoExecutionException
{
jarSigner.setToolchain(toolchain);
}
- int processed = 0;
+ List<File> archives = findJarfiles();
+ processArchives(archives);
+ getLog().info(getMessage("processed", archives.size()));
+ }
+ /**
+ * Finds all jar files, by looking at the Maven project and user
configuration.
+ *
+ * @return a List of File objects
+ * @throws MojoExecutionException If it was not possible to build a list
of jar files
+ */
+ private List<File> findJarfiles() throws MojoExecutionException {
if (this.archive != null) {
- processArchive(this.archive);
- processed++;
- } else {
- if (processMainArtifact) {
- processed += processArtifact(this.project.getArtifact()) ? 1 :
0;
- }
+ // Only process this, but nothing more
+ return Arrays.asList(this.archive);
+ }
- if (processAttachedArtifacts) {
- Collection<String> includes = new HashSet<>();
- if (includeClassifiers != null) {
- includes.addAll(Arrays.asList(includeClassifiers));
- }
+ List<File> archives = new ArrayList<>();
+ if (processMainArtifact) {
+
getFileFromArtifact(this.project.getArtifact()).ifPresent(archives::add);
+ }
- Collection<String> excludes = new HashSet<>();
- if (excludeClassifiers != null) {
- excludes.addAll(Arrays.asList(excludeClassifiers));
- }
+ if (processAttachedArtifacts) {
+ Collection<String> includes = new HashSet<>();
+ if (includeClassifiers != null) {
+ includes.addAll(Arrays.asList(includeClassifiers));
+ }
- for (Artifact artifact : this.project.getAttachedArtifacts()) {
- if (!includes.isEmpty() &&
!includes.contains(artifact.getClassifier())) {
- continue;
- }
+ Collection<String> excludes = new HashSet<>();
+ if (excludeClassifiers != null) {
+ excludes.addAll(Arrays.asList(excludeClassifiers));
+ }
- if (excludes.contains(artifact.getClassifier())) {
- continue;
- }
+ for (Artifact artifact : this.project.getAttachedArtifacts()) {
+ if (!includes.isEmpty() &&
!includes.contains(artifact.getClassifier())) {
+ continue;
+ }
- processed += processArtifact(artifact) ? 1 : 0;
+ if (excludes.contains(artifact.getClassifier())) {
+ continue;
}
+
+ getFileFromArtifact(artifact).ifPresent(archives::add);
+ }
+ } else {
+ if (verbose) {
+ getLog().info(getMessage("ignoringAttachments"));
} else {
- if (verbose) {
- getLog().info(getMessage("ignoringAttachments"));
- } else {
- getLog().debug(getMessage("ignoringAttachments"));
- }
+ getLog().debug(getMessage("ignoringAttachments"));
}
+ }
- if (archiveDirectory != null) {
- String includeList = (includes != null) ?
StringUtils.join(includes, ",") : null;
- String excludeList = (excludes != null) ?
StringUtils.join(excludes, ",") : null;
-
- List<File> jarFiles;
- try {
- jarFiles = FileUtils.getFiles(archiveDirectory,
includeList, excludeList);
- } catch (IOException e) {
- throw new MojoExecutionException("Failed to scan archive
directory for JARs: " + e.getMessage(), e);
- }
+ if (archiveDirectory != null) {
+ String includeList = (includes != null) ?
StringUtils.join(includes, ",") : null;
+ String excludeList = (excludes != null) ?
StringUtils.join(excludes, ",") : null;
- for (File jarFile : jarFiles) {
- processArchive(jarFile);
- processed++;
- }
+ try {
+ archives.addAll(FileUtils.getFiles(archiveDirectory,
includeList, excludeList));
+ } catch (IOException e) {
+ throw new MojoExecutionException("Failed to scan archive
directory for JARs: " + e.getMessage(), e);
}
}
- getLog().info(getMessage("processed", processed));
+ return archives;
}
/**
* Creates the jar signer request to be executed.
*
* @param archive the archive file to treat by jarsigner
* @return the request
- * @throws MojoExecutionException if an exception occurs
+ * @throws MojoExecutionException If an exception occurs
Review Comment:
I have now changed every `@throws` javadoc to use lower case first letter!
> Parallel signing for increased speed
> ------------------------------------
>
> Key: MJARSIGNER-72
> URL: https://issues.apache.org/jira/browse/MJARSIGNER-72
> Project: Maven Jar Signer Plugin
> Issue Type: New Feature
> Affects Versions: 3.0.0
> Reporter: Lennart Schedin
> Priority: Minor
> Labels: performance
>
> *Background:*
> As of June 1 2023, a new industry standard mandates the storage of private
> keys used for code signing on external hardware devices. Refer to
> [https://knowledge.digicert.com/general-information/new-private-key-storage-requirement-for-standard-code-signing-certificates-november-2022]
> for details. Various devices, from the Thales SafeNet USB eToken (about
> $30), Yubico YubiHSM 2 FIPS (about €1000) up to Thales Luna S700 Series
> (about €30000) can store these keys. Cloud-based HSM solutions (like DigiCert
> KeyLocker ($90/year)) also exist.
>
> This ticket primarily targets HSM as a service but could benefit network
> attached HSM solutions as well.
>
> *Problem:*
> Using the {{jarsigner:sign}} goal it is possible to specify
> {{{}archiveDirectory{}}}, that points to a directory with many jar files.
> This is useful for signing every dependency the project has.
>
> Using the DigiCert Keylocker HSM as a service I measured that it took 240
> seconds to sign 128 jar files. I was in Sweden and the DigiCert Keylocker
> service is in USA. The response time of server is about 500 to 700 ms
> (without any login and without any signing).
>
> I created a quick parallel hack (using the Linux command parallel) that used
> 8 threads and it took only 31 seconds. That is: for this specific HSM service
> it scales linearly with the number of threads used.
>
> *To implement:*
> I propose to implement a parallelization for maven-jarsigner-plugin that can
> be used when signing many jar files at once.
>
> The configuration for this could be a new parameter named {{threadCount}}
> (with user property {{{}jarsigner.threadCount{}}}) with default to 1 (no
> parallelization).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
