1 package org.eclipse.aether.spi.checksums; 2 3 /* 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 */ 21 22 import java.io.IOException; 23 import java.util.List; 24 import java.util.Map; 25 26 import org.eclipse.aether.RepositorySystemSession; 27 import org.eclipse.aether.artifact.Artifact; 28 import org.eclipse.aether.repository.ArtifactRepository; 29 import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; 30 31 /** 32 * Component able to provide (trusted) checksums for artifacts. 33 * <p> 34 * Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing 35 * for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is 36 * "trusted" by user or not. 37 * 38 * @since 1.9.0 39 */ 40 public interface TrustedChecksumsSource 41 { 42 /** 43 * May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled. 44 * Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given 45 * artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer 46 * for trusted checksums. 47 * 48 * @param session The repository system session, never {@code null}. 49 * @param artifact The artifact we want checksums for, never {@code null}. 50 * @param artifactRepository The origin repository: local, workspace, remote repository, never {@code null}. 51 * @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}. 52 * @return Map of expected checksums, or {@code null} if not enabled. 53 */ 54 Map<String, String> getTrustedArtifactChecksums( RepositorySystemSession session, 55 Artifact artifact, 56 ArtifactRepository artifactRepository, 57 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ); 58 59 /** 60 * A writer that is able to write/add trusted checksums to this implementation. 61 */ 62 interface Writer 63 { 64 /** 65 * Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums. 66 * The passed in list of checksum algorithm factories and the map must have equal size and mapping must 67 * contain all algorithm names in list. 68 */ 69 void addTrustedArtifactChecksums( Artifact artifact, 70 ArtifactRepository artifactRepository, 71 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories, 72 Map<String, String> trustedArtifactChecksums ) throws IOException; 73 } 74 75 /** 76 * Some trusted checksums sources may implement this optional method: ability to write/add checksums to them. 77 * If source does not support this feature, method should return {@code null}. 78 */ 79 Writer getTrustedArtifactChecksumsWriter( RepositorySystemSession session ); 80 }