1 package org.eclipse.aether.spi.checksums;
2
3 /*
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21
22 import java.io.IOException;
23 import java.util.List;
24 import java.util.Map;
25
26 import org.eclipse.aether.RepositorySystemSession;
27 import org.eclipse.aether.artifact.Artifact;
28 import org.eclipse.aether.repository.ArtifactRepository;
29 import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
30
31 /**
32 * Component able to provide (trusted) checksums for artifacts.
33 * <p>
34 * Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing
35 * for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is
36 * "trusted" by user or not.
37 *
38 * @since 1.9.0
39 */
40 public interface TrustedChecksumsSource
41 {
42 /**
43 * May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled.
44 * Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given
45 * artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer
46 * for trusted checksums.
47 *
48 * @param session The repository system session, never {@code null}.
49 * @param artifact The artifact we want checksums for, never {@code null}.
50 * @param artifactRepository The origin repository: local, workspace, remote repository, never {@code null}.
51 * @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}.
52 * @return Map of expected checksums, or {@code null} if not enabled.
53 */
54 Map<String, String> getTrustedArtifactChecksums( RepositorySystemSession session,
55 Artifact artifact,
56 ArtifactRepository artifactRepository,
57 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories );
58
59 /**
60 * A writer that is able to write/add trusted checksums to this implementation.
61 */
62 interface Writer
63 {
64 /**
65 * Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums.
66 * The passed in list of checksum algorithm factories and the map must have equal size and mapping must
67 * contain all algorithm names in list.
68 */
69 void addTrustedArtifactChecksums( Artifact artifact,
70 ArtifactRepository artifactRepository,
71 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories,
72 Map<String, String> trustedArtifactChecksums ) throws IOException;
73 }
74
75 /**
76 * Some trusted checksums sources may implement this optional method: ability to write/add checksums to them.
77 * If source does not support this feature, method should return {@code null}.
78 */
79 Writer getTrustedArtifactChecksumsWriter( RepositorySystemSession session );
80 }