forked from s4u/pgpverify-maven-plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[MRESOLVER-375] Provided and trusted checksum fixes (s4u#307)
Several key aspects are broken in provided and trusted checksum feature of resolver: * trusted checksum post processor: the checksum algorithm is not prefixed (as documented) * the trusted to provided adapter is defunct without MRM being configured * the existing ProvidedChecksumsSource interface is broken, needs to be replaced --- https://issues.apache.org/jira/browse/MRESOLVER-375
- Loading branch information
Showing
9 changed files
with
201 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
109 changes: 109 additions & 0 deletions
109
...rg/eclipse/aether/internal/impl/checksum/TrustedToProvidedChecksumsSourceAdapterTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one | ||
| * or more contributor license agreements. See the NOTICE file | ||
| * distributed with this work for additional information | ||
| * regarding copyright ownership. The ASF licenses this file | ||
| * to you under the Apache License, Version 2.0 (the | ||
| * "License"); you may not use this file except in compliance | ||
| * with the License. You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
| package org.eclipse.aether.internal.impl.checksum; | ||
|
|
||
| import java.util.Collections; | ||
| import java.util.HashMap; | ||
| import java.util.List; | ||
| import java.util.Map; | ||
|
|
||
| import org.eclipse.aether.RepositorySystemSession; | ||
| import org.eclipse.aether.artifact.Artifact; | ||
| import org.eclipse.aether.artifact.DefaultArtifact; | ||
| import org.eclipse.aether.repository.RemoteRepository; | ||
| import org.eclipse.aether.spi.checksums.TrustedChecksumsSource; | ||
| import org.eclipse.aether.spi.connector.ArtifactDownload; | ||
| import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; | ||
| import org.junit.Before; | ||
| import org.junit.Test; | ||
|
|
||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.hasEntry; | ||
| import static org.hamcrest.Matchers.notNullValue; | ||
| import static org.hamcrest.Matchers.nullValue; | ||
| import static org.mockito.ArgumentMatchers.eq; | ||
| import static org.mockito.Mockito.mock; | ||
| import static org.mockito.Mockito.when; | ||
|
|
||
| public class TrustedToProvidedChecksumsSourceAdapterTest { | ||
| private final Artifact artifactWithChecksum = new DefaultArtifact("g:a:v1"); | ||
|
|
||
| private final Artifact artifactWithoutChecksum = new DefaultArtifact("g:a:v2"); | ||
|
|
||
| private final RemoteRepository repository = | ||
| new RemoteRepository.Builder("repo", "default", "https://example.com").build(); | ||
|
|
||
| private final List<ChecksumAlgorithmFactory> checksums = | ||
| Collections.singletonList(new Sha1ChecksumAlgorithmFactory()); | ||
|
|
||
| private final RepositorySystemSession session = mock(RepositorySystemSession.class); | ||
|
|
||
| private final TrustedChecksumsSource trustedChecksumsSource = mock(TrustedChecksumsSource.class); | ||
|
|
||
| private TrustedToProvidedChecksumsSourceAdapter adapter; | ||
|
|
||
| @Before | ||
| public void before() { | ||
| HashMap<String, String> result = new HashMap<>(); | ||
| result.put(Sha1ChecksumAlgorithmFactory.NAME, "foo"); | ||
| when(trustedChecksumsSource.getTrustedArtifactChecksums( | ||
| eq(session), eq(artifactWithChecksum), eq(repository), eq(checksums))) | ||
| .thenReturn(result); | ||
| adapter = new TrustedToProvidedChecksumsSourceAdapter( | ||
| Collections.singletonMap("trusted", trustedChecksumsSource)); | ||
| } | ||
|
|
||
| @Test | ||
| public void testSimplePositive() { | ||
| ArtifactDownload transfer = new ArtifactDownload(); | ||
| transfer.setArtifact(artifactWithChecksum); | ||
| Map<String, String> chk = adapter.getProvidedArtifactChecksums(session, transfer, repository, checksums); | ||
| assertThat(chk, notNullValue()); | ||
| assertThat(chk, hasEntry(Sha1ChecksumAlgorithmFactory.NAME, "foo")); | ||
| } | ||
|
|
||
| @Test | ||
| public void testSimpleNegative() { | ||
| ArtifactDownload transfer = new ArtifactDownload(); | ||
| transfer.setArtifact(artifactWithoutChecksum); | ||
| Map<String, String> chk = adapter.getProvidedArtifactChecksums(session, transfer, repository, checksums); | ||
| assertThat(chk, nullValue()); | ||
| } | ||
|
|
||
| @Test | ||
| public void testMrmPositive() { | ||
| RemoteRepository mrm = new RemoteRepository.Builder("mrm", "default", "https://example.com").build(); | ||
| ArtifactDownload transfer = new ArtifactDownload(); | ||
| transfer.setArtifact(artifactWithChecksum); | ||
| transfer.setRepositories(Collections.singletonList(repository)); | ||
| Map<String, String> chk = adapter.getProvidedArtifactChecksums(session, transfer, mrm, checksums); | ||
| assertThat(chk, notNullValue()); | ||
| assertThat(chk, hasEntry(Sha1ChecksumAlgorithmFactory.NAME, "foo")); | ||
| } | ||
|
|
||
| @Test | ||
| public void testMrmNegative() { | ||
| RemoteRepository mrm = new RemoteRepository.Builder("mrm", "default", "https://example.com").build(); | ||
| ArtifactDownload transfer = new ArtifactDownload(); | ||
| transfer.setArtifact(artifactWithoutChecksum); | ||
| transfer.setRepositories(Collections.singletonList(repository)); | ||
| Map<String, String> chk = adapter.getProvidedArtifactChecksums(session, transfer, mrm, checksums); | ||
| assertThat(chk, nullValue()); | ||
| } | ||
| } |
60 changes: 60 additions & 0 deletions
60
...-resolver-spi/src/main/java/org/eclipse/aether/spi/checksums/ProvidedChecksumsSource.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one | ||
| * or more contributor license agreements. See the NOTICE file | ||
| * distributed with this work for additional information | ||
| * regarding copyright ownership. The ASF licenses this file | ||
| * to you under the Apache License, Version 2.0 (the | ||
| * "License"); you may not use this file except in compliance | ||
| * with the License. You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
| package org.eclipse.aether.spi.checksums; | ||
|
|
||
| import java.util.List; | ||
| import java.util.Map; | ||
|
|
||
| import org.eclipse.aether.RepositorySystemSession; | ||
| import org.eclipse.aether.repository.RemoteRepository; | ||
| import org.eclipse.aether.spi.connector.ArtifactDownload; | ||
| import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; | ||
| import org.eclipse.aether.spi.connector.checksum.ChecksumPolicy; | ||
|
|
||
| /** | ||
| * Component able to provide (expected) checksums to connector beforehand the download happens. Checksum provided by | ||
| * this component are of kind {@link ChecksumPolicy.ChecksumKind#PROVIDED}. Resolver by default provides one | ||
| * implementation: an adapter, that makes {@link TrustedChecksumsSource} into {@link ProvidedChecksumsSource}. Users | ||
| * are encouraged to rely on this adapter, and do not create their own implementations. | ||
| * | ||
| * @since TBD | ||
| */ | ||
| public interface ProvidedChecksumsSource { | ||
| /** | ||
| * May return the provided checksums (for given artifact transfer) from source other than remote repository, or | ||
| * {@code null} if it have no checksums available for given transfer. Provided checksums are "opt-in" for | ||
| * transfer, in a way IF they are available upfront, they will be enforced according to checksum policy | ||
| * in effect. Otherwise, provided checksum verification is completely left out. | ||
| * <p> | ||
| * For enabled provided checksum source is completely acceptable to return {@code null} values, as that carries | ||
| * the meaning "nothing to add here", as there are no checksums to be provided upfront transfer. Semantically, this | ||
| * is equivalent to returning empty map, but signals the intent better. | ||
| * | ||
| * @param session The current session. | ||
| * @param transfer The transfer that is about to be executed. | ||
| * @param remoteRepository The remote repository connector is about to contact. | ||
| * @param checksumAlgorithmFactories The checksum algorithms that are expected. | ||
| * @return Map of expected checksums, or {@code null}. | ||
| */ | ||
| Map<String, String> getProvidedArtifactChecksums( | ||
| RepositorySystemSession session, | ||
| ArtifactDownload transfer, | ||
| RemoteRepository remoteRepository, | ||
| List<ChecksumAlgorithmFactory> checksumAlgorithmFactories); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters