Removed setAuthors, moved manufacurer to component section

Signed-off-by: Björn Kornefalk <[email protected]>

src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java

@@ -18,6 +18,7 @@
  */
 package org.cyclonedx.maven;
 
+import java.util.stream.Collectors;
 import org.apache.commons.io.FileUtils;
 import org.apache.maven.artifact.Artifact;
 import org.apache.maven.model.Developer;
@@ -355,26 +356,28 @@ public void execute() throws MojoExecutionException {
                 if (detectUnusedForOptionalScope) {
                     metadata.addProperty(newProperty("maven.optional.unused", Boolean.toString(detectUnusedForOptionalScope)));
                 }
-
-                List<Developer> developers = project.getDevelopers();
-                Organization organization = project.getOrganization();
-                if (organization != null || (developers != null && !developers.isEmpty())) {
-                    metadata.setManufacturer(createManufacturer(organization, developers));
-                }
-                if ((developers != null && !developers.isEmpty())) {
-                    metadata.setAuthors(createListOfAuthors(null, developers));
-                }
             }
 
             final Component rootComponent = metadata.getComponent();
             componentMap.remove(rootComponent.getPurl());
+            setManufacturer(project, rootComponent);
 
             projectDependenciesConverter.cleanupBomDependencies(metadata, componentMap, dependencyMap);
 
             generateBom(analysis, metadata, new ArrayList<>(componentMap.values()), new ArrayList<>(dependencyMap.values()));
         }
     }
 
+    protected void setManufacturer(MavenProject mavenProject, Component projectBomComponent) {
+        getLog().debug("setManufacturer for " + mavenProject.getGroupId() + ":" +
+            mavenProject.getArtifactId() + ":" + mavenProject.getVersion());
+        List<Developer> developers = mavenProject.getDevelopers();
+        Organization organization = mavenProject.getOrganization();
+        if (organization != null || (developers != null && !developers.isEmpty())) {
+            projectBomComponent.setManufacturer(createManufacturer(organization, developers));
+        }
+    }
+
     OrganizationalEntity createManufacturer(Organization organization, List<Developer> developers) {
         OrganizationalEntity manufacturer = new OrganizationalEntity();
         if (organization != null) {
@@ -386,13 +389,23 @@ OrganizationalEntity createManufacturer(Organization organization, List<Develope
             }
         }
         if (developers != null) {
-            addContacts(manufacturer, developers);
+            DeveloperInformation information = createListOfContacts(developers);
+            if (!information.getContacts().isEmpty()) {
+                manufacturer.setContacts(information.getContacts());
+            }
+            if (manufacturer.getName() == null) {
+                manufacturer.setName(information.getOrganization());
+            }
+            for (String url : information.getUrls()) {
+                addUrl(manufacturer, url);
+            }
         }
+        getLog().debug("Set manufacturer information name=" + manufacturer.getName());
         return manufacturer;
     }
 
-    List<OrganizationalContact> createListOfAuthors(OrganizationalEntity manufacturer, List<Developer> developers) {
-        List<OrganizationalContact> list = new ArrayList<>();
+    DeveloperInformation createListOfContacts(List<Developer> developers) {
+        DeveloperInformation developerInformation = new DeveloperInformation();
         for (Developer developer : developers) {
             OrganizationalContact contact = new OrganizationalContact();
             if (isNotNullOrEmpty(developer.getName())) {
@@ -401,25 +414,12 @@ List<OrganizationalContact> createListOfAuthors(OrganizationalEntity manufacture
             if (isNotNullOrEmpty(developer.getEmail())) {
                 contact.setEmail(developer.getEmail());
             }
-            if (manufacturer != null) {
-                if (isNullOrEmpty(manufacturer.getName()) && isNotNullOrEmpty(developer.getOrganization())) {
-                    manufacturer.setName(developer.getOrganization());
-                }
-                if (isNotNullOrEmpty(developer.getOrganizationUrl())) {
-                    addUrl(manufacturer, developer.getOrganizationUrl());
-                }
-                if (isNotNullOrEmpty(developer.getUrl())) {
-                    addUrl(manufacturer, developer.getUrl());
-                }
-            }
-            list.add(contact);
+            developerInformation.addOrganizationalContact(contact);
+            developerInformation.setOrganization(developer.getOrganization());
+            developerInformation.addUrl(developer.getOrganizationUrl());
+            developerInformation.addUrl(developer.getUrl());
         }
-        return list;
-    }
-
-
-    void addContacts(OrganizationalEntity manufacturer, List<Developer> developers) {
-        manufacturer.setContacts(createListOfAuthors(manufacturer, developers));
+        return developerInformation;
     }
 
     void addUrl(OrganizationalEntity manufacturer, String url) {

src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java

@@ -129,6 +129,7 @@ protected String extractComponentsAndDependencies(final Set<String> topLevelComp
             final Map<String, Dependency> projectDependencies = bomDependencies.getDependencies();
 
             final Component projectBomComponent = convertMavenDependency(mavenProject.getArtifact());
+            setManufacturer(mavenProject, projectBomComponent);
             components.put(projectBomComponent.getPurl(), projectBomComponent);
             topLevelComponents.add(projectBomComponent.getPurl());
 

src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java

@@ -68,6 +68,7 @@ protected String extractComponentsAndDependencies(Set<String> topLevelComponents
 
             final Component projectBomComponent = convertMavenDependency(mavenProject.getArtifact());
             components.put(projectBomComponent.getPurl(), projectBomComponent);
+            setManufacturer(mavenProject, projectBomComponent);
             topLevelComponents.add(projectBomComponent.getPurl());
 
             populateComponents(topLevelComponents, components, bomDependencies.getArtifacts(), null);

src/main/java/org/cyclonedx/maven/DeveloperInformation.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) Giesecke+Devrient Mobile Security GmbH 2018-2024
+ */
+package org.cyclonedx.maven;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.cyclonedx.model.OrganizationalContact;
+
+/**
+ * Help class for parse a list of developers
+ */
+class DeveloperInformation {
+
+    private final List<OrganizationalContact> contacts = new ArrayList<>();
+    private String organization;
+    private final List<String> urls = new ArrayList<>();
+
+    /**
+     * Add contact information
+     *
+     * @param contact The contact
+     */
+    void addOrganizationalContact(OrganizationalContact contact) {
+        contacts.add(contact);
+    }
+
+    /**
+     * If Maven section "<organization>" is missing, see if we can find any organization information from
+     * a developers section
+     * @param organization The organization name
+     */
+    void setOrganization(String organization) {
+        if (this.organization == null && organization != null) {
+            this.organization = organization;
+        }
+    }
+
+    /**
+     * Add a defined url
+     * @param url The url
+     */
+    void addUrl(String url) {
+        if (url != null) {
+            urls.add(url);
+        }
+    }
+
+    /**
+     * @return List of contacts
+     */
+    public List<OrganizationalContact> getContacts() {
+        return contacts;
+    }
+
+    /**
+     * @return First organization name if found
+     */
+    public String getOrganization() {
+        return organization;
+    }
+
+    /**
+     * @return List of configured urls
+     */
+    public List<String> getUrls() {
+        return urls;
+    }
+}

src/test/java/org/cyclonedx/maven/BaseCycloneDxMojoTest.java

@@ -7,6 +7,8 @@
 import java.util.Map;
 import java.util.Set;
 import org.apache.maven.model.Developer;
+import org.apache.maven.model.Organization;
+import org.apache.maven.project.MavenProject;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Dependency;
 import org.cyclonedx.model.OrganizationalContact;
@@ -30,10 +32,9 @@ protected String extractComponentsAndDependencies(Set<String> topLevelComponents
     }
 
     @Test
-    @DisplayName("")
-    void createListOfAuthors() {
+    @DisplayName("Using developers information only")
+    void setManufacturer1() {
         BaseCycloneDxMojoImpl mojo = new BaseCycloneDxMojoImpl();
-        OrganizationalEntity manufacturer = new OrganizationalEntity();
         List<Developer> developers = new ArrayList<>();
         Developer developer = new Developer();
         developer.setName("Developer");
@@ -47,21 +48,96 @@ void createListOfAuthors() {
         developer = new Developer();
         developer.setOrganizationUrl("http://foo.com");
         developers.add(developer);
-        List<OrganizationalContact> listOfAuthors = mojo.createListOfAuthors(manufacturer, developers);
-        assertNotNull(listOfAuthors);
-        assertEquals(4, listOfAuthors.size());
-        assertEquals("Developer", listOfAuthors.get(0).getName());
+        Component projectBomComponent = new Component();
+        MavenProject mavenProject = new MavenProject();
+        mavenProject.setDevelopers(developers);
+        mojo.setManufacturer(mavenProject, projectBomComponent);
+        OrganizationalEntity manufacturer = projectBomComponent.getManufacturer();
+        assertNotNull(manufacturer);
+        assertEquals(4, manufacturer.getContacts().size());
+        assertEquals("Developer", manufacturer.getContacts().get(0).getName());
+        assertEquals("My Organization", manufacturer.getName());
     }
 
     @Test
-    @DisplayName("Verify addContacts")
-    void addContacts() {
+    @DisplayName("Using developers information  with empty organization")
+    void setManufacturer2() {
         BaseCycloneDxMojoImpl mojo = new BaseCycloneDxMojoImpl();
-        OrganizationalEntity manufacturer = new OrganizationalEntity();
-        List<Developer > developers = new ArrayList<>();
-        mojo.addContacts(manufacturer, developers);
-        assertNotNull(manufacturer.getContacts());
-        assertTrue(manufacturer.getContacts().isEmpty());
+        List<Developer> developers = new ArrayList<>();
+        Developer developer = new Developer();
+        developer.setName("Developer");
+        developers.add(developer);
+        developer = new Developer();
+        developer.setEmail("[email protected]");
+        developers.add(developer);
+        developer = new Developer();
+        developer.setOrganization("My Organization");
+        developers.add(developer);
+        developer = new Developer();
+        developer.setOrganizationUrl("http://foo.com");
+        developers.add(developer);
+        Component projectBomComponent = new Component();
+        MavenProject mavenProject = new MavenProject();
+        mavenProject.setDevelopers(developers);
+        mavenProject.setOrganization(new Organization());
+        mojo.setManufacturer(mavenProject, projectBomComponent);
+        OrganizationalEntity manufacturer = projectBomComponent.getManufacturer();
+        assertNotNull(manufacturer);
+        assertEquals(4, manufacturer.getContacts().size());
+        assertEquals("Developer", manufacturer.getContacts().get(0).getName());
+        assertEquals("My Organization", manufacturer.getName());
+    }
+
+    @Test
+    @DisplayName("Using developers and organization information")
+    void setManufacturer3() {
+        BaseCycloneDxMojoImpl mojo = new BaseCycloneDxMojoImpl();
+
+        MavenProject mavenProject = new MavenProject();
+        List<Developer> developers = new ArrayList<>();
+        Developer developer = new Developer();
+        developer.setName("Developer 2");
+        developer.setEmail("[email protected]");
+        developer.setOrganization("My Organization");
+        developer.setOrganizationUrl("http://foo.com");
+        developers.add(developer);
+        mavenProject.setDevelopers(developers);
+
+        Organization organization = new Organization();
+        organization.setName("My Company");
+        organization.setUrl("http://example.com");
+        mavenProject.setOrganization(organization);
+
+        Component projectBomComponent = new Component();
+        mojo.setManufacturer(mavenProject, projectBomComponent);
+        OrganizationalEntity manufacturer = projectBomComponent.getManufacturer();
+        assertNotNull(manufacturer);
+        assertEquals(1, manufacturer.getContacts().size());
+        assertEquals("Developer 2", manufacturer.getContacts().get(0).getName());
+        assertEquals("My Company", manufacturer.getName());
+    }
+
+    @Test
+    @DisplayName("Using organization information only")
+    void setManufacturer4() {
+        BaseCycloneDxMojoImpl mojo = new BaseCycloneDxMojoImpl();
+
+        MavenProject mavenProject = new MavenProject();
+        List<Developer> developers = new ArrayList<>();
+        Organization organization = new Organization();
+        organization.setName("My Organization");
+        organization.setUrl("http://example.org");
+        mavenProject.setOrganization(organization);
+
+        mavenProject.setDevelopers(developers);
+        mavenProject.setOrganization(organization);
+
+        Component projectBomComponent = new Component();
+        mojo.setManufacturer(mavenProject, projectBomComponent);
+        OrganizationalEntity manufacturer = projectBomComponent.getManufacturer();
+        assertNotNull(manufacturer);
+        assertNull(manufacturer.getContacts());
+        assertEquals("My Organization", manufacturer.getName());
     }
 
     @Test