View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.eclipse.aether.spi.checksums;
20  
21  import java.io.IOException;
22  import java.util.List;
23  import java.util.Map;
24  
25  import org.eclipse.aether.RepositorySystemSession;
26  import org.eclipse.aether.artifact.Artifact;
27  import org.eclipse.aether.repository.ArtifactRepository;
28  import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
29  
30  /**
31   * Component able to provide (trusted) checksums for artifacts.
32   * <p>
33   * Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing
34   * for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is
35   * "trusted" by user or not.
36   *
37   * @since 1.9.0
38   */
39  public interface TrustedChecksumsSource {
40      /**
41       * May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled.
42       * Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given
43       * artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer
44       * for trusted checksums.
45       *
46       * @param session                    The repository system session, never {@code null}.
47       * @param artifact                   The artifact we want checksums for, never {@code null}.
48       * @param artifactRepository         The origin repository: local, workspace, remote repository, never {@code null}.
49       * @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}.
50       * @return Map of expected checksums, or {@code null} if not enabled.
51       */
52      Map<String, String> getTrustedArtifactChecksums(
53              RepositorySystemSession session,
54              Artifact artifact,
55              ArtifactRepository artifactRepository,
56              List<ChecksumAlgorithmFactory> checksumAlgorithmFactories);
57  
58      /**
59       * A writer that is able to write/add trusted checksums to this implementation.
60       */
61      interface Writer {
62          /**
63           * Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums.
64           * The passed in list of checksum algorithm factories and the map must have equal size and mapping must
65           * contain all algorithm names in list.
66           */
67          void addTrustedArtifactChecksums(
68                  Artifact artifact,
69                  ArtifactRepository artifactRepository,
70                  List<ChecksumAlgorithmFactory> checksumAlgorithmFactories,
71                  Map<String, String> trustedArtifactChecksums)
72                  throws IOException;
73      }
74  
75      /**
76       * Some trusted checksums sources may implement this optional method: ability to write/add checksums to them.
77       * If source does not support this feature, method should return {@code null}.
78       */
79      Writer getTrustedArtifactChecksumsWriter(RepositorySystemSession session);
80  }