fix: sort members

Author: ppkarwasz

src/main/java/org/apache/commons/release/plugin/internal/ArtifactUtils.java

@@ -61,19 +61,27 @@ public final class ArtifactUtils {
         IN_TOTO_DIGEST_NAMES = Collections.unmodifiableMap(m);
     }
 
-    /** No instances. */
-    private ArtifactUtils() {
-        // prevent instantiation
-    }
-
     /**
-     * Gets the filename of an artifact in the default Maven repository layout.
+     * Gets a map of checksum algorithm names to hex-encoded digest values for the given artifact file.
      *
      * @param artifact A Maven artifact.
-     * @return A filename.
+     * @param algorithms JSSE names of algorithms to use
+     * @return A map of checksum algorithm names to hex-encoded digest values.
+     * @throws IOException If an I/O error occurs reading the artifact file.
+     * @throws IllegalArgumentException If any of the algorithms is not supported.
      */
-    public static String getFileName(final Artifact artifact) {
-        return getFileName(artifact, artifact.getArtifactHandler().getExtension());
+    private static Map<String, String> getChecksums(final Artifact artifact, final String... algorithms) throws IOException {
+        final Map<String, String> checksums = new HashMap<>();
+        for (final String algorithm : algorithms) {
+            final String key = IN_TOTO_DIGEST_NAMES.get(algorithm);
+            if (key == null) {
+                throw new IllegalArgumentException("Invalid algorithm name for in-toto attestation: " + algorithm);
+            }
+            final DigestUtils digest = new DigestUtils(DigestUtils.getDigest(algorithm));
+            final String checksum = digest.digestAsHex(artifact.getFile());
+            checksums.put(key, checksum);
+        }
+        return checksums;
     }
 
     /**
@@ -93,6 +101,16 @@ public static String getFileName(final Artifact artifact, final String extension
         return fileName.toString();
     }
 
+    /**
+     * Gets the filename of an artifact in the default Maven repository layout.
+     *
+     * @param artifact A Maven artifact.
+     * @return A filename.
+     */
+    public static String getFileName(final Artifact artifact) {
+        return getFileName(artifact, artifact.getArtifactHandler().getExtension());
+    }
+
     /**
      * Gets the Package URL corresponding to this artifact.
      *
@@ -111,29 +129,6 @@ public static String getPackageUrl(final Artifact artifact) {
         return sb.toString();
     }
 
-    /**
-     * Gets a map of checksum algorithm names to hex-encoded digest values for the given artifact file.
-     *
-     * @param artifact A Maven artifact.
-     * @param algorithms JSSE names of algorithms to use
-     * @return A map of checksum algorithm names to hex-encoded digest values.
-     * @throws IOException If an I/O error occurs reading the artifact file.
-     * @throws IllegalArgumentException If any of the algorithms is not supported.
-     */
-    private static Map<String, String> getChecksums(final Artifact artifact, final String... algorithms) throws IOException {
-        final Map<String, String> checksums = new HashMap<>();
-        for (final String algorithm : algorithms) {
-            final String key = IN_TOTO_DIGEST_NAMES.get(algorithm);
-            if (key == null) {
-                throw new IllegalArgumentException("Invalid algorithm name for in-toto attestation: " + algorithm);
-            }
-            final DigestUtils digest = new DigestUtils(DigestUtils.getDigest(algorithm));
-            final String checksum = digest.digestAsHex(artifact.getFile());
-            checksums.put(key, checksum);
-        }
-        return checksums;
-    }
-
     /**
      * Converts a Maven artifact to a SLSA {@link ResourceDescriptor}.
      *
@@ -155,4 +150,9 @@ public static ResourceDescriptor toResourceDescriptor(final Artifact artifact, f
         }
         return descriptor;
     }
+
+    /** No instances. */
+    private ArtifactUtils() {
+        // prevent instantiation
+    }
 }

src/main/java/org/apache/commons/release/plugin/internal/BuildDefinitions.java

@@ -36,9 +36,44 @@
 public final class BuildDefinitions {
 
     /**
-     * No instances.
+     * Reconstructs the Maven command line string from the given execution request.
+     *
+     * @param request the Maven execution request
+     * @return a string representation of the Maven command line
      */
-    private BuildDefinitions() {
+    static String commandLine(final MavenExecutionRequest request) {
+        final List<String> args = new ArrayList<>(request.getGoals());
+        final String profiles = String.join(",", request.getActiveProfiles());
+        if (!profiles.isEmpty()) {
+            args.add("-P" + profiles);
+        }
+        request.getUserProperties().forEach((key, value) -> args.add("-D" + key + "=" + value));
+        return String.join(" ", args);
+    }
+
+    /**
+     * Returns a map of external build parameters captured from the current JVM and Maven session.
+     *
+     * @param session the current Maven session
+     * @return a map of parameter names to values
+     */
+    public static Map<String, Object> externalParameters(final MavenSession session) {
+        final Map<String, Object> params = new HashMap<>();
+        params.put("jvm.args", ManagementFactory.getRuntimeMXBean().getInputArguments());
+        final MavenExecutionRequest request = session.getRequest();
+        params.put("maven.goals", request.getGoals());
+        params.put("maven.profiles", request.getActiveProfiles());
+        params.put("maven.user.properties", request.getUserProperties());
+        params.put("maven.cmdline", commandLine(request));
+        final Map<String, Object> env = new HashMap<>();
+        params.put("env", env);
+        for (final Map.Entry<String, String> entry : System.getenv().entrySet()) {
+            final String key = entry.getKey();
+            if ("TZ".equals(key) || "LANG".equals(key) || key.startsWith("LC_")) {
+                env.put(key, entry.getValue());
+            }
+        }
+        return params;
     }
 
     /**
@@ -106,43 +141,8 @@ public static ResourceDescriptor maven(final String version, final Path mavenHom
     }
 
     /**
-     * Returns a map of external build parameters captured from the current JVM and Maven session.
-     *
-     * @param session the current Maven session
-     * @return a map of parameter names to values
-     */
-    public static Map<String, Object> externalParameters(final MavenSession session) {
-        final Map<String, Object> params = new HashMap<>();
-        params.put("jvm.args", ManagementFactory.getRuntimeMXBean().getInputArguments());
-        final MavenExecutionRequest request = session.getRequest();
-        params.put("maven.goals", request.getGoals());
-        params.put("maven.profiles", request.getActiveProfiles());
-        params.put("maven.user.properties", request.getUserProperties());
-        params.put("maven.cmdline", commandLine(request));
-        final Map<String, Object> env = new HashMap<>();
-        params.put("env", env);
-        for (final Map.Entry<String, String> entry : System.getenv().entrySet()) {
-            final String key = entry.getKey();
-            if ("TZ".equals(key) || "LANG".equals(key) || key.startsWith("LC_")) {
-                env.put(key, entry.getValue());
-            }
-        }
-        return params;
-    }
-
-    /**
-     * Reconstructs the Maven command line string from the given execution request.
-     *
-     * @param request the Maven execution request
-     * @return a string representation of the Maven command line
+     * No instances.
      */
-    static String commandLine(final MavenExecutionRequest request) {
-        final List<String> args = new ArrayList<>(request.getGoals());
-        final String profiles = String.join(",", request.getActiveProfiles());
-        if (!profiles.isEmpty()) {
-            args.add("-P" + profiles);
-        }
-        request.getUserProperties().forEach((key, value) -> args.add("-D" + key + "=" + value));
-        return String.join(" ", args);
+    private BuildDefinitions() {
     }
 }

src/main/java/org/apache/commons/release/plugin/internal/DsseUtils.java

@@ -47,12 +47,6 @@
  */
 public final class DsseUtils {
 
-    /**
-     * Not instantiable.
-     */
-    private DsseUtils() {
-    }
-
     /**
      * Creates and prepares a {@link GpgSigner} from the given configuration.
      *
@@ -79,6 +73,56 @@ public static AbstractGpgSigner createGpgSigner(final String executable, final b
         return signer;
     }
 
+    /**
+     * Extracts the key identifier from a binary OpenPGP Signature Packet.
+     *
+     * @param sigBytes raw binary OpenPGP Signature Packet bytes
+     * @return uppercase hex-encoded fingerprint or key ID string
+     * @throws MojoExecutionException if {@code sigBytes} cannot be parsed as an OpenPGP signature
+     */
+    public static String getKeyId(final byte[] sigBytes) throws MojoExecutionException {
+        try {
+            final PGPSignatureList sigList = (PGPSignatureList) new BcPGPObjectFactory(sigBytes).nextObject();
+            final PGPSignature sig = sigList.get(0);
+            final PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();
+            if (hashed != null) {
+                final IssuerFingerprint fp = hashed.getIssuerFingerprint();
+                if (fp != null) {
+                    return Hex.encodeHexString(fp.getFingerprint());
+                }
+            }
+            return Long.toHexString(sig.getKeyID()).toUpperCase(Locale.ROOT);
+        } catch (final IOException e) {
+            throw new MojoExecutionException("Failed to extract key ID from signature", e);
+        }
+    }
+
+    /**
+     * Signs {@code paeFile} and returns the raw OpenPGP signature bytes.
+     *
+     * <p>The signer must already have {@link AbstractGpgSigner#prepare()} called before this method is invoked.</p>
+     *
+     * @param signer  the configured, prepared signer
+     * @param path path to the file to sign
+     * @return raw binary PGP signature bytes
+     * @throws MojoExecutionException if signing or signature decoding fails
+     */
+    public static byte[] signFile(final AbstractGpgSigner signer, final Path path) throws MojoExecutionException {
+        final Path signaturePath = signer.generateSignatureForArtifact(path.toFile()).toPath();
+        final byte[] signatureBytes;
+        try (InputStream in = Files.newInputStream(signaturePath); ArmoredInputStream armoredIn = new ArmoredInputStream(in)) {
+            signatureBytes = IOUtils.toByteArray(armoredIn);
+        } catch (final IOException e) {
+            throw new MojoExecutionException("Failed to read signature file: " + signaturePath, e);
+        }
+        try {
+            Files.delete(signaturePath);
+        } catch (final IOException e) {
+            throw new MojoExecutionException("Failed to delete signature file: " + signaturePath, e);
+        }
+        return signatureBytes;
+    }
+
     /**
      * Serializes {@code statement} to JSON using the DSSE Pre-Authentication Encoding (PAE).
      *
@@ -127,52 +171,8 @@ public static Path writePaeFile(final byte[] statementBytes, final Path buildDir
     }
 
     /**
-     * Signs {@code paeFile} and returns the raw OpenPGP signature bytes.
-     *
-     * <p>The signer must already have {@link AbstractGpgSigner#prepare()} called before this method is invoked.</p>
-     *
-     * @param signer  the configured, prepared signer
-     * @param path path to the file to sign
-     * @return raw binary PGP signature bytes
-     * @throws MojoExecutionException if signing or signature decoding fails
-     */
-    public static byte[] signFile(final AbstractGpgSigner signer, final Path path) throws MojoExecutionException {
-        final Path signaturePath = signer.generateSignatureForArtifact(path.toFile()).toPath();
-        final byte[] signatureBytes;
-        try (InputStream in = Files.newInputStream(signaturePath); ArmoredInputStream armoredIn = new ArmoredInputStream(in)) {
-            signatureBytes = IOUtils.toByteArray(armoredIn);
-        } catch (final IOException e) {
-            throw new MojoExecutionException("Failed to read signature file: " + signaturePath, e);
-        }
-        try {
-            Files.delete(signaturePath);
-        } catch (final IOException e) {
-            throw new MojoExecutionException("Failed to delete signature file: " + signaturePath, e);
-        }
-        return signatureBytes;
-    }
-
-    /**
-     * Extracts the key identifier from a binary OpenPGP Signature Packet.
-     *
-     * @param sigBytes raw binary OpenPGP Signature Packet bytes
-     * @return uppercase hex-encoded fingerprint or key ID string
-     * @throws MojoExecutionException if {@code sigBytes} cannot be parsed as an OpenPGP signature
+     * Not instantiable.
      */
-    public static String getKeyId(final byte[] sigBytes) throws MojoExecutionException {
-        try {
-            final PGPSignatureList sigList = (PGPSignatureList) new BcPGPObjectFactory(sigBytes).nextObject();
-            final PGPSignature sig = sigList.get(0);
-            final PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets();
-            if (hashed != null) {
-                final IssuerFingerprint fp = hashed.getIssuerFingerprint();
-                if (fp != null) {
-                    return Hex.encodeHexString(fp.getFingerprint());
-                }
-            }
-            return Long.toHexString(sig.getKeyID()).toUpperCase(Locale.ROOT);
-        } catch (final IOException e) {
-            throw new MojoExecutionException("Failed to extract key ID from signature", e);
-        }
+    private DsseUtils() {
     }
 }