b8336f176a
Bouncy Castle is still an optional dependency for Gerrit, so we want to avoid accidentally attempting to load Bouncy Castle classes when they might not be available. Rather than try to guard every org.bouncycastle.* reference with a hasPGP() check, reduce the surface area of calls that actually require Bouncy Castle. Move almost all code that calls Bouncy Castle into a new module, gerrit-gpg. Callers need only interact with this module by installing the GpgModule, which is careful to protect all Bouncy Castle class loading with the appropriate havePGP() check. Moreover, this module doesn't need to be installed in the gerrit-server package at all, so we can break the compile-time dependency between gerrit-server and Bouncy Castle, so accidentally introducing a dependency on Bouncy Castle results in a compile error. The REST API and extension APIs dealing with GPG keys only refer to the GpgKeyInfo POJO, and don't need to actually refer to Bouncy Castle classes. Add a shim interface, GpgApiAdapter, that is used by AccountApiImpl to process GPG keys. GpgModule binds this interface to either the Bouncy Castle enabled implementation, or a not-implemented implementation. Since there are various places in the server code where we want to inspect whether signed push is enabled at the server level, but we don't want to have to call into gerrit-gpg code to do this, bind a boolean with @EnableSignedPush from GpgModule. Change-Id: Idbab00a52d86216cae73d02876d56be54aef6581 |
||
|---|---|---|
| .. | ||
| eclipse | ||
| maven | ||
| util | ||
| __init__.py | ||
| BUCK | ||
| build.defs | ||
| checkstyle_suppressions.xml | ||
| checkstyle.xml | ||
| default.defs | ||
| download_all.py | ||
| download_file.py | ||
| gerrit.importorder | ||
| git.defs | ||
| GoogleFormat.xml | ||
| gwt-constants.defs | ||
| java_doc.defs | ||
| java_sources.defs | ||
| pack_war.py | ||
| plugin_archetype_deploy.sh | ||
| util_test.py | ||
| util.py | ||
| version.py | ||