michael-o commented on code in PR #199: URL: https://github.com/apache/maven-resolver/pull/199#discussion_r983853854
########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums"; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + } + + @SuppressWarnings( "unchecked" ) + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) + { + prefix = artifactRepository.getId() + "-" + CHECKSUM_FILE_PREFIX; + } + else + { + prefix = session.getLocalRepository().getId() + "-" + CHECKSUM_FILE_PREFIX; Review Comment: Do we compare checksums for local files? ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums"; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + @Inject Review Comment: Isn't that noop? ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums"; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + } + + @SuppressWarnings( "unchecked" ) + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) Review Comment: How can this be `null`? ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/SparseFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,130 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.internal.impl.LocalPathComposer; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.spi.io.FileProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static java.util.Objects.requireNonNull; + +/** + * Sparse file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects artifacts checksums on standard Maven2 "local" layout. This implementation uses Artifact + * coordinates solely to form path from basedir, pretty much as Maven local repository does. + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * base directory name (for example ".checksums/central/..."). + * <p> + * The name of this implementation is "file-sparse". + * + * @see LocalPathComposer + * @since TBD + */ +@Singleton +@Named( SparseFileTrustedChecksumsSource.NAME ) +public final class SparseFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-sparse"; + + private static final Logger LOGGER = LoggerFactory.getLogger( SparseFileTrustedChecksumsSource.class ); + + private final FileProcessor fileProcessor; + + private final LocalPathComposer localPathComposer; + + @Inject + public SparseFileTrustedChecksumsSource( FileProcessor fileProcessor, LocalPathComposer localPathComposer ) + { + super( NAME ); + this.fileProcessor = requireNonNull( fileProcessor ); + this.localPathComposer = requireNonNull( localPathComposer ); + } + + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) + { + prefix = artifactRepository.getId() + "/"; + } + else + { + prefix = session.getLocalRepository().getId() + "/"; + } + } + else + { + prefix = ""; + } + + final HashMap<String, String> checksums = new HashMap<>(); + final String artifactPath = localPathComposer.getPathForArtifact( artifact, false ); + for ( ChecksumAlgorithmFactory checksumAlgorithmFactory : checksumAlgorithmFactories ) + { + Path checksumPath = basedir.resolve( + prefix + artifactPath + "." + checksumAlgorithmFactory.getFileExtension() ); + + if ( !Files.isRegularFile( checksumPath ) ) + { + continue; + } Review Comment: I think this deserves a log message. I guess developer provided us nonsense. ########## maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/checksum/FileTrustedChecksumsSourceTestSupport.java: ########## @@ -0,0 +1,90 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.io.IOException; +import java.nio.file.Path; +import java.util.Collections; +import java.util.Map; + +import org.eclipse.aether.DefaultRepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.artifact.DefaultArtifact; +import org.eclipse.aether.internal.test.util.TestUtils; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +public abstract class FileTrustedChecksumsSourceTestSupport +{ + protected static final Artifact ARTIFACT_WITHOUT_CHECKSUM = new DefaultArtifact( "test:test:1.0" ); + + protected static final Artifact ARTIFACT_WITH_CHECKSUM = new DefaultArtifact( "test:test:2.0" ); + + protected static final String ARTIFACT_TRUSTED_CHECKSUM = "trustedChecksum"; + + protected DefaultRepositorySystemSession session; + + protected ChecksumAlgorithmFactory checksumAlgorithmFactory; + + private FileTrustedChecksumsSourceSupport subject; + + @Before + public void before() throws Exception + { + session = TestUtils.newSession(); + // populate local repository + Path baseDir = session.getLocalRepository().getBasedir().toPath() Review Comment: basedir ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums"; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + } + + @SuppressWarnings( "unchecked" ) + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) + { + prefix = artifactRepository.getId() + "-" + CHECKSUM_FILE_PREFIX; + } + else + { + prefix = session.getLocalRepository().getId() + "-" + CHECKSUM_FILE_PREFIX; + } + } + else + { + prefix = CHECKSUM_FILE_PREFIX; + } + + final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> basedirProvidedChecksums = + (ConcurrentHashMap<String, ConcurrentHashMap<String, String>>) session.getData() + .computeIfAbsent( CHECKSUMS_CACHE_KEY, ConcurrentHashMap::new ); + + final HashMap<String, String> checksums = new HashMap<>(); + for ( ChecksumAlgorithmFactory checksumAlgorithmFactory : checksumAlgorithmFactories ) + { + ConcurrentHashMap<String, String> algorithmChecksums = basedirProvidedChecksums.computeIfAbsent( + checksumAlgorithmFactory.getName(), + algName -> loadProvidedChecksums( + basedir.resolve( prefix + checksumAlgorithmFactory.getFileExtension() ) + ) + ); + String checksum = algorithmChecksums.get( ArtifactIdUtils.toId( artifact ) ); + if ( checksum != null ) + { + checksums.put( checksumAlgorithmFactory.getName(), checksum ); + } + } + return checksums; + } + + private ConcurrentHashMap<String, String> loadProvidedChecksums( Path checksumFile ) + { + ConcurrentHashMap<String, String> result = new ConcurrentHashMap<>(); + try + { + try ( BufferedReader reader = Files.newBufferedReader( checksumFile, StandardCharsets.UTF_8 ) ) + { + LOGGER.debug( "Loading provided checksums file '{}'", checksumFile ); + String line = reader.readLine(); + while ( line != null ) + { + if ( !line.startsWith( "#" ) && !line.isEmpty() ) + { + String[] parts = line.split( " ", 2 ); + if ( parts.length == 2 ) + { + String old = result.put( parts[0], parts[1] ); + if ( old != null ) + { + LOGGER.warn( "Checksums file '{}' contains duplicate checksums for artifact {}: " + + "old '{}' replaced by new '{}'", checksumFile, parts[0], old, parts[1] ); + } + } + else + { + LOGGER.warn( "Checksums file '{}' ignored malformed line '{}'", checksumFile, line ); + } + } + line = reader.readLine(); Review Comment: Why not put `reader.readLine()` in the while condition? ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final String CHECKSUMS_CACHE_KEY = NAME + "-checksums"; Review Comment: This might be nitpicking, but of this cache is an impl detail I think that the key should be prefixed with the class name. ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,172 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The checksums file once loaded are cached in session, so in-flight file changes during lifecycle of session are NOT + * noticed. + * <p> + * The name of this implementation is "file-compact". + * + * @see ArtifactIdUtils#toId(Artifact) + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ Review Comment: This class has one inconsistency: All our meta files have the form: `{metafile}.{ext}` or `{metafile}-{repoId}.{ext}`. This should apply here as well. E.g., `./org/apache/maven/resolver/maven-metadata-local.xml` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
