org.eclipse.aether.spi.checksums.TrustedChecksumsSource Maven / Gradle / Ivy
Show all versions of maven-resolver-spi Show documentation
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.eclipse.aether.spi.checksums;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.repository.ArtifactRepository;
import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
/**
* Component able to provide (trusted) checksums for artifacts.
*
* Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing
* for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is
* "trusted" by user or not.
*
* @since 1.9.0
*/
public interface TrustedChecksumsSource {
/**
* May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled.
* Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given
* artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer
* for trusted checksums.
*
* @param session The repository system session, never {@code null}.
* @param artifact The artifact we want checksums for, never {@code null}.
* @param artifactRepository The origin repository: local, workspace, remote repository, never {@code null}.
* @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}.
* @return Map of expected checksums, or {@code null} if not enabled.
*/
Map getTrustedArtifactChecksums(
RepositorySystemSession session,
Artifact artifact,
ArtifactRepository artifactRepository,
List checksumAlgorithmFactories);
/**
* A writer that is able to write/add trusted checksums to this implementation.
*/
interface Writer {
/**
* Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums.
* The passed in list of checksum algorithm factories and the map must have equal size and mapping must
* contain all algorithm names in list.
*/
void addTrustedArtifactChecksums(
Artifact artifact,
ArtifactRepository artifactRepository,
List checksumAlgorithmFactories,
Map trustedArtifactChecksums)
throws IOException;
}
/**
* Some trusted checksums sources may implement this optional method: ability to write/add checksums to them.
* If source does not support this feature, method should return {@code null}.
*/
Writer getTrustedArtifactChecksumsWriter(RepositorySystemSession session);
}