The following document contains the results of RAT (Release Audit Tool) .
*****************************************************
Summary
-------
Notes: 3
Binaries: 0
Archives: 0
Standards: 28
Apache Licensed: 16
Generated Documents: 0
JavaDocs are generated and so license header is optional
Generated files do not required license headers
12 Unknown Licenses
*******************************
Archives (+ indicates readable, $ unreadable):
*****************************************************
Files with AL headers will be marked L
Binary files (which do not require AL headers) will be marked B
Compressed archives will be marked A
Notices, licenses etc will be marked N
!????? build.xml
N LICENSE.txt
N NOTICE.txt
!????? pom.xml
N README
AL src/main/java/org/apache/commons/openpgp/ant/OpenPgpSignerTask.java
AL src/main/java/org/apache/commons/openpgp/BouncyCastleKeyRing.java
AL src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignatureVerifier.java
AL src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSigner.java
AL src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSignatureVerifier.java
AL src/main/java/org/apache/commons/openpgp/BouncyCastleOpenPgpStreamingSigner.java
AL src/main/java/org/apache/commons/openpgp/KeyRing.java
AL src/main/java/org/apache/commons/openpgp/OpenPgpException.java
AL src/main/java/org/apache/commons/openpgp/OpenPgpSignatureVerifier.java
AL src/main/java/org/apache/commons/openpgp/OpenPgpSigner.java
AL src/main/java/org/apache/commons/openpgp/OpenPgpStreamingSignatureVerifier.java
AL src/main/java/org/apache/commons/openpgp/OpenPgpStreamingSigner.java
AL src/main/java/org/apache/commons/openpgp/SignatureStatus.java
AL src/main/java/org/apache/commons/openpgp/UnknownKeyException.java
!????? src/main/resources/org/apache/commons/openpgp/ant/antlib.xml
!????? src/site/apt/index.apt
!????? src/site/apt/signer.apt
!????? src/site/apt/usage.apt
!????? src/site/site.xml
AL src/site/xdoc/issue-tracking.xml
AL src/test/java/org/apache/commons/openpgp/BouncyCastleOpenPgpSignerTest.java
!????? src/test/resources/pubring.gpg
!????? src/test/resources/secring.gpg
!????? src/test/resources/test-input
!????? src/test/resources/test-signature.asc
!????? src/test/resources/test-signature.bpg
*****************************************************
Printing headers for files without AL header...
=======================================================================
==build.xml
=======================================================================
<?xml version="1.0"?>
<!--
=======================================================================
Minimal Apache Ant build file for commons-openpgp
Copyright (c) 2005 The Apache Software Foundation. All rights
reserved.
=======================================================================
-->
<project name="commons-openpgp" default="jar" basedir=".">
<target name="properties">
<property name="build.target.dir" location="target"/>
<property name="build.classes.dir" location="${build.target.dir}/classes"/>
<property name="build.tests.dir"
location="${build.target.dir}/test-classes"/>
<property name="build.junit.fork" value="false"/>
<property name="build.junit.forkmode" value="once"/>
<property name="build.jar.basename" value="commons-openpgp"/>
<property name="build.jar.version" value="0.1"/>
<property name="build.jar.name"
value="${build.target.dir}/${build.jar.basename}-${build.jar.version}.jar"/>
</target>
<target name="setup" depends="properties">
<mkdir dir="${build.classes.dir}"/>
<mkdir dir="${build.tests.dir}"/>
<!-- feel free to get fancy using the Maven 2 Ant tasks, this is
just a placeholder for now -->
<path id="compilation-dependencies">
</path>
<path id="test-dependencies">
</path>
</target>
<target name="compile" depends="setup">
<javac srcdir="src/main/java" destdir="${build.classes.dir}"
source="1.3" target="1.3" debug="true">
<classpath refid="compilation-dependencies"/>
</javac>
</target>
<target name="compile-tests" depends="compile" unless="skip.tests!">
<javac srcdir="src/test/java" destdir="${build.tests.dir}"
source="1.3" target="1.3" debug="true">
<classpath id="test-classpath">
=======================================================================
==pom.xml
=======================================================================
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.commons</groupId>
<artifactId>commons-sandbox-parent</artifactId>
<version>6</version>
</parent>
<artifactId>commons-openpgp</artifactId>
<version>1.0-SNAPSHOT</version>
<name>Commons OpenPGP (Sandbox)</name>
<url>http://commons.apache.org/sandbox/openpgp/</url>
<inceptionYear>2005</inceptionYear>
<dependencies>
<!-- we need an optional dep on JCE for JDK 1.3 and lower -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk12</artifactId>
<version>130</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ant</groupId>
<artifactId>ant</artifactId>
<version>1.6.5</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>ant</groupId>
<artifactId>ant-launcher</artifactId>
<version>1.6.5</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
</build>
<developers>
<developer>
<id>brett</id>
=======================================================================
==src/main/resources/org/apache/commons/openpgp/ant/antlib.xml
=======================================================================
<?xml version="1.0"?>
<antlib>
<taskdef name="signer"
classname="org.apache.commons.openpgp.ant.OpenPgpSignerTask"
/>
</antlib>
=======================================================================
==src/site/apt/index.apt
=======================================================================
-----
Home
-----
Brett Porter
-----
10 December 2005
-----
Jakarta Commons OpenPGP
Commons OpenPGP was started to produce a common and simple interface for generating
and verifying OpenPGP signatures.
Currently implemented using {{{http://www.bouncycastle.org} BouncyCastle}}, it is
intended to allow pluggable providers so that alternate open source and commercial
providers can be used.
* History
The library was started by Maven and Ant committers to enable the use of OpenPGP
from these tools. Currently, Maven uses it in its development version to sign
libraries released to the repository.
* Using the Library
* {{{usage.html} Usage Instructions}}
=======================================================================
==src/site/apt/signer.apt
=======================================================================
-----
Signer Ant Task
-----
Antoine Levy-Lambert
-----
12 October 2006
-----
Signer Ant Task
This task will be packaged in the commons-openpgp.jar.
It will use the bouncy castle jars at runtime. It has been tested with bcpg-jdk12-134.jar and bcprov-jdk12-134.jar.
The generated signatures can be verified with gpg.
<<<signer>>> can sign one or several files at once.
* <<<attributes>>>
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| Attribute | Description | Required |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<secring>>> | Secret key ring file. | Yes |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<pubring>>> | Public key ring file. | Yes |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<password>>> | Password of the secret key ring. | Yes |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<keyid>>> | Id of the key used to sign. | Yes |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<asciiarmor>>> | Boolean, defaults to true. | No |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
| <<<artefact>>> | The file that you want to sign. | No, if fileset nested element present. |
*------------------+--------------------------------------------------------------------------+-------------------------------------------------+
The task must also take either one or several nested <<<fileset>>> element, or an <<<artefact>>> attribute.
** <<<fileset>>> nested element
The task can take one or several fileset nested elements.
See the {{{http://ant.apache.org/manual/CoreTypes/fileset.html} ant manual}} for an explanation.
If you want to sign just one file, the <<<artefact>>> attribute can be used instead.
** <<<mapper>>> nested element
The task may take a {{{http://ant.apache.org/manual/CoreTypes/mapper.html} mapper}} nested element.
This nested element tells the task how the signature files should be called.
If you do not supply this element, the signature files will be located in the same directory as the files that
you sign. An ending of <<<.asc>>> will be appended to the file name for ascii armored output (the default).
If you set <<<asciiarmor>>> to false, the ending will be <<<.sig>>>
=======================================================================
==src/site/apt/usage.apt
=======================================================================
-----
Usage
-----
Brett Porter
-----
10 December 2005
-----
Usage Instructions
Currently only creation and verification of detached signatures is supported. This can be done in streaming and
non-streaming mode.
Both modes require that you have created a key ring.
* Creating a Key Ring
A key ring object needs to be created, containing an input stream for both the public and secret key rings.
The password for the secret key ring also needs to be passed in for creating signatures.
For example, to create the Bouncy Castle key ring, the constructor is used:
-----
BouncyCastleKeyRing( InputStream secretKeyRing, InputStream publicKeyRing, char[] password );
-----
* Non-streaming Mode
~~TODO: link to Javadoc
To sign data with a detached signature, create a <<<OpenPgpSigner>>>.
-----
signer = new BouncyCastleOpenPgpSigner();
signer.detachedSign(
getClass().getResourceAsStream( "/test-input" ), // binary input file
signature, // outputstream for the signature
keyId, // key ID
keyRing,
true ); // ascii armor
-----
Verifying the signature is similar.
-----
verifier = new BouncyCastleOpenPgpSignatureVerifier();
verifier.verifyDetachedSignature(
getClass().getResourceAsStream( "/test-input" ), // binary input file
=======================================================================
==src/site/site.xml
=======================================================================
<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Commons OpenPGP">
<body>
<links>
<item name="Bouncy Castle" href="http://www.bouncycastle.org" />
<!--
<item name="OpenPGP" href="http://www.openpgp.org"/>
-->
</links>
<menu name="Commons OpenPGP">
<item name="Overview" href="/index.html" />
<item name="Usage" href="/usage.html" />
<item name="Signer Ant Task" href="/signer.html"/>
</menu>
<menu name="Development">
<item name="Mailing Lists" href="/mail-lists.html"/>
<item name="Issue Tracking" href="/issue-tracking.html"/>
<item name="Team" href="/team-list.html"/>
<item name="Source Repository" href="/source-repository.html"/>
<item name="Javadoc (latest)" href="/apidocs/index.html"/>
</menu>
</body>
</project>
=======================================================================
==src/test/resources/pubring.gpg
=======================================================================
??¢?C?QA?????
ÑsgÀNí´Ù¡.Ö?ëîÙ]f??îÍ?Ãò¸s?Il6K??5Æ}¶?ü(C?M *?ÛÃ9
Ë©HÐAfȲ[ð¦²?õ?ªã?ØÍ?¥???ò%ºbI*sU¡'ûK?*ìÑ)??°OnÑ_V¦??¢?p»>?!íÏn?!?¿p>¬
ù933? Ý'ÄWMËðøÉG6??@ÁOO\ôñ?ý?/"²Çñgî?|18©
X?áY¹¦ÍøAîP?rÍò ?7?ë¹?~[Nãy<èiõA¤???%¯ÕþaU?Í^0bt?ycÁ®¿?SÇ?Û08iÊ?ÌAåöŦ?&y(??6^Å?|Ê
??´F?îo???ág+7ÿd÷´R
RÌ??¥©0ûÑ??ÿA?=ȶ$å
ó?
w~?R?ù?
?ùbï*Ø?RÙíÜS?éd?NPþ½Vy?T?²=·þX@ï?9c "|ïÉÏ£:l5¦ö?à?ÐG:ÁV>??¯ðYÀ²U?Î?làVñ·¥&§?¶Ò&¶ÇIK?;??¤ð¶?Nslñ?Lä<Ð˹?ç?Å8á´Kcommons-openpgp (Commons OpenPGP Test Key) <commons-dev@jakarta.apache.org>?^????????C?QA????? ???????????????????
?Në?2§ÑkÔ$Ö??=~1.?¤Ùí?ÛZøíµÝÙtºI??e@ãÄø®?Ðò??L.ê4?#ÿ£F¹?
?C?QB????ù?l¡±«ËlüJè?å{??9nV/QÁ?úд?wul??ÃjÇð(?ÿy? ?Ò???¿áãÔªA??óÛ<1Ó`???+ü3óTÔu^|_M?½F@td»K?F84nfº?ëO¤±P?i*b?`?[?z¼h÷¹/!&õ ?ø?jC?&ñµ¦s????þ-F?þ#Ó?^f?½t?? ?Åe5v?Ë??±÷¤)ïr?ÙË???k2À?ïü?¹??8ØnGà4y|-Þ´øô?K?â?%?óý8F?Å¡J1?á5ö?^R?w?¶ÑËgs W50·lDæyÏý?íÞ.
0±|?¦J=?Û¹uÛ?Ê%?GýÏ?I????? ??C?QB????
?Në?2§ÑkÔãz???{?T@©?\ï÷J£§?w¤?16ÿ???mîN1ScúXpËz?sp¤aÊ?µ
=======================================================================
==src/test/resources/secring.gpg
=======================================================================
??á?C?QA?????
ÑsgÀNí´Ù¡.Ö?ëîÙ]f??îÍ?Ãò¸s?Il6K??5Æ}¶?ü(C?M *?ÛÃ9
Ë©HÐAfȲ[ð¦²?õ?ªã?ØÍ?¥???ò%ºbI*sU¡'ûK?*ìÑ)??°OnÑ_V¦??¢?p»>?!íÏn?!?¿p>¬
ù933? Ý'ÄWMËðøÉG6??@ÁOO\ôñ?ý?/"²Çñgî?|18©
X?áY¹¦ÍøAîP?rÍò ?7?ë¹?~[Nãy<èiõA¤???%¯ÕþaU?Í^0bt?ycÁ®¿?SÇ?Û08iÊ?ÌAåöŦ?&y(??6^Å?|Ê
??´F?îo???ág+7ÿd÷´R
RÌ??¥©0ûÑ??ÿA?=ȶ$å
ó?
w~?R?ù?
?ùbï*Ø?RÙíÜS?éd?NPþ½Vy?T?²=·þX@ï?9c "|ïÉÏ£:l5¦ö?à?ÐG:ÁV>??¯ðYÀ²U?Î?làVñ·¥&§?¶Ò&¶ÇIK?;??¤ð¶?Nslñ?Lä<Ð˹?ç?Å8áþ????9?âëN?@`K̯??qmJÌð?þÔ?SÑ+ü©.ðÂHy!µ?/ýëíÐÐ`?9?ìJª?-ø?z¬}>?n´Kcommons-openpgp (Commons OpenPGP Test Key) <commons-dev@jakarta.apache.org>?^????????C?QA????? ???????????????????
?Në?2§ÑkÔ$Ö??RèM?l +Êp÷?ÖÓ???ä? ³Jì?þM?V_²Ît?¶Ã???sM??X?C?QB????ù?l¡±«ËlüJè?å{??9nV/QÁ?úд?wul??ÃjÇð(?ÿy? ?Ò???¿áãÔªA??óÛ<1Ó`???+ü3óTÔu^|_M?½F@td»K?F84nfº?ëO¤±P?i*b?`?[?z¼h÷¹/!&õ ?ø?jC?&ñµ¦s????þ-F?þ#Ó?^f?½t?? ?Åe5v?Ë??±÷¤)ïr?ÙË???k2À?ïü?¹??8ØnGà4y|-Þ´øô?K?â?%?óý8F?Å¡J1?á5ö?^R?w?¶ÑËgs W50·lDæyÏý?íÞ.
0±|?¦J=?Û¹uÛ?Ê%?GýÏþ????9?âëN?@`?4?????Ͷ®Ö=E?sQ:i?q?Ôé¯FNH?ìpj©â?Ò/S??ã?/?ÌüýÙê'yí ë-??èéQ¼5??I????? ??C?QB????
?Në?2§ÑkÔãz??l???5/ðÀ Pÿ?¾¦?ô??_v????èSá2µ÷Õq?V?Æý?ùï??
=======================================================================
==src/test/resources/test-input
=======================================================================
The quick brown fox jumps over the lazy dog
quick brown fox jumps over the lazy dog The
brown fox jumps over the lazy dog The quick
fox jumps over the lazy dog The quick brown
jumps over the lazy dog The quick brown fox
over the lazy dog The quick brown fox jumps
the lazy dog The quick brown fox jumps over
lazy dog The quick brown fox jumps over the
dog The quick brown fox jumps over the lazy
=======================================================================
==src/test/resources/test-signature.asc
=======================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
iD8DBQBDlVJdTusOMqfRa9QRAuxXAJ9k0G+f2tbO6eTuBQS1uim44aADVwCgxS3i
MH8RP0v17V5sM1WN8ih97n8=
=gPJ5
-----END PGP SIGNATURE-----
=======================================================================
==src/test/resources/test-signature.bpg
=======================================================================
?????C???Në?2§ÑkÔ??9???<¾?Js[êÇ´=á]}Oþ?ô;c??9?W|®»ÍGD?ÕË"WÏý??Õí