Add init step question for enabling signed push

Change-Id: I7bb68651412c9522f7eb03f318b4f26cb921752c

gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAuth.java

@@ -17,6 +17,7 @@ package com.google.gerrit.pgm.init;
 import static com.google.gerrit.pgm.init.api.InitUtil.dnOf;
 
 import com.google.gerrit.pgm.init.api.ConsoleUI;
+import com.google.gerrit.pgm.init.api.InitFlags;
 import com.google.gerrit.pgm.init.api.InitStep;
 import com.google.gerrit.pgm.init.api.Section;
 import com.google.gerrit.reviewdb.client.AuthType;
@@ -24,28 +25,53 @@ import com.google.gwtjsonrpc.server.SignedToken;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 
+import org.eclipse.jgit.lib.Config;
+
 /** Initialize the {@code auth} configuration section. */
 @Singleton
 class InitAuth implements InitStep {
+  private static final String RECEIVE = "receive";
+  private static final String ENABLE_SIGNED_PUSH = "enableSignedPush";
+
+  private final Config cfg;
   private final ConsoleUI ui;
   private final Section auth;
   private final Section ldap;
+  private final Section receive;
+  private final Libraries libraries;
 
   @Inject
-  InitAuth(final ConsoleUI ui, final Section.Factory sections) {
+  InitAuth(InitFlags flags,
+      ConsoleUI ui,
+      Libraries libraries,
+      Section.Factory sections) {
+    this.cfg = flags.cfg;
     this.ui = ui;
     this.auth = sections.get("auth", null);
     this.ldap = sections.get("ldap", null);
+    this.receive = sections.get(RECEIVE, null);
+    this.libraries = libraries;
   }
 
   @Override
   public void run() {
     ui.header("User Authentication");
 
-    final AuthType auth_type =
-        auth.select("Authentication method", "type", AuthType.OPENID);
+    initAuthType();
+    if (auth.getSecure("registerEmailPrivateKey") == null) {
+      auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
+    }
+    if (auth.getSecure("restTokenPrivateKey") == null) {
+      auth.setSecure("restTokenPrivateKey", SignedToken.generateRandomKey());
+    }
 
-    switch (auth_type) {
+    initSignedPush();
+  }
+
+  private void initAuthType() {
+    AuthType authType =
+        auth.select("Authentication method", "type", AuthType.OPENID);
+    switch (authType) {
       case HTTP:
       case HTTP_LDAP: {
         String hdr = auth.get("httpHeader");
@@ -69,7 +95,7 @@ class InitAuth implements InitStep {
         break;
     }
 
-    switch (auth_type) {
+    switch (authType) {
       case LDAP:
       case LDAP_BIND:
       case HTTP_LDAP: {
@@ -103,13 +129,15 @@ class InitAuth implements InitStep {
       case OPENID_SSO:
         break;
     }
+  }
 
-    if (auth.getSecure("registerEmailPrivateKey") == null) {
-      auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
-    }
-
-    if (auth.getSecure("restTokenPrivateKey") == null) {
-      auth.setSecure("restTokenPrivateKey", SignedToken.generateRandomKey());
+  private void initSignedPush() {
+    boolean def = cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false);
+    boolean enable = ui.yesno(def, "Enable signed push support");
+    receive.set("enableSignedPush", Boolean.toString(enable));
+    if (enable) {
+      libraries.bouncyCastleProvider.downloadRequired();
+      libraries.bouncyCastlePGP.downloadRequired();
     }
   }
 

gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/Libraries.java

@@ -37,6 +37,7 @@ class Libraries {
 
   private final Provider<LibraryDownloader> downloadProvider;
 
+  /* final */LibraryDownloader bouncyCastlePGP;
   /* final */LibraryDownloader bouncyCastleProvider;
   /* final */LibraryDownloader bouncyCastleSSL;
   /* final */LibraryDownloader db2Driver;

gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config

@@ -28,6 +28,14 @@
   needs = bouncyCastleProvider
   remove = bcpkix-.*[.]jar
 
+# Version should match lib/bouncycastle/BUCK
+[library "bouncyCastlePGP"]
+  name = Bouncy Castle Crypto OpenPGP v152
+  url = http://www.bouncycastle.org/download/bcpg-jdk15on-152.jar
+  sha1 = ff4665a4b5633ff6894209d5dd10b7e612291858
+  needs = bouncyCastleProvider
+  remove = bcpg-.*[.]jar
+
 [library "mysqlDriver"]
   name = MySQL Connector/J 5.1.21
   url = http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar