[ 
https://issues.apache.org/jira/browse/MRESOLVER-276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17615340#comment-17615340
 ] 

ASF GitHub Bot commented on MRESOLVER-276:
------------------------------------------

cstamas commented on code in PR #200:
URL: https://github.com/apache/maven-resolver/pull/200#discussion_r991617468


##########
maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/resolution/TrustedChecksumArtifactResolverPostProcessor.java:
##########
@@ -0,0 +1,231 @@
+package org.eclipse.aether.internal.impl.resolution;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+import org.eclipse.aether.RepositorySystemSession;
+import org.eclipse.aether.artifact.Artifact;
+import org.eclipse.aether.repository.ArtifactRepository;
+import org.eclipse.aether.resolution.ArtifactResult;
+import org.eclipse.aether.spi.checksums.TrustedChecksumsSource;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
+import 
org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactorySelector;
+import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmHelper;
+import org.eclipse.aether.transfer.ChecksumFailureException;
+import org.eclipse.aether.util.ConfigUtils;
+import org.eclipse.aether.util.artifact.ArtifactIdUtils;
+
+import static java.util.Objects.requireNonNull;
+
+/**
+ * Artifact resolver processor that verifies the checksums of all resolved 
artifacts against trusted checksums. Is also
+ * able to "record" (calculate and write them) to trusted checksum sources, 
that do support this operation.
+ *
+ * @since TBD
+ */
+@Singleton
+@Named( TrustedChecksumArtifactResolverPostProcessor.NAME )
+public final class TrustedChecksumArtifactResolverPostProcessor
+        extends ArtifactResolverPostProcessorSupport
+{
+    public static final String NAME = "trusted-checksum";
+
+    private static final String CONF_CHECKSUM_ALGORITHMS = 
"checksumAlgorithms";
+
+    private static final String DEFAULT_CHECKSUM_ALGORITHMS = "SHA-1";
+
+    private static final String CONF_FAIL_IF_MISSING = "failIfMissing";
+
+    private static final String CONF_RECORD = "record";
+
+    private static final String CHECKSUM_ALGORITHMS_CACHE_KEY =
+            TrustedChecksumArtifactResolverPostProcessor.class.getName() + 
".checksumAlgorithms";
+
+    private final ChecksumAlgorithmFactorySelector 
checksumAlgorithmFactorySelector;
+
+    private final Map<String, TrustedChecksumsSource> trustedChecksumsSources;
+
+    @Inject
+    public TrustedChecksumArtifactResolverPostProcessor(
+            ChecksumAlgorithmFactorySelector checksumAlgorithmFactorySelector,
+            Map<String, TrustedChecksumsSource> trustedChecksumsSources )
+    {
+        super( NAME );
+        this.checksumAlgorithmFactorySelector = requireNonNull( 
checksumAlgorithmFactorySelector );
+        this.trustedChecksumsSources = requireNonNull( trustedChecksumsSources 
);
+    }
+
+    @SuppressWarnings( "unchecked" )
+    @Override
+    protected void doProcess( RepositorySystemSession session, 
List<ArtifactResult> artifactResults )
+    {
+        final List<ChecksumAlgorithmFactory> checksumAlgorithms = 
(List<ChecksumAlgorithmFactory>) session.getData()
+                .computeIfAbsent( CHECKSUM_ALGORITHMS_CACHE_KEY, () ->
+                        checksumAlgorithmFactorySelector.select(
+                                ConfigUtils.parseCommaSeparatedUniqueNames( 
ConfigUtils.getString(
+                                        session, DEFAULT_CHECKSUM_ALGORITHMS, 
CONF_CHECKSUM_ALGORITHMS ) )
+                        ) );
+
+        final boolean failIfMissing = ConfigUtils.getBoolean(
+                session, false, configPropKey( CONF_FAIL_IF_MISSING ) );
+        final boolean record = ConfigUtils.getBoolean( session, false, 
configPropKey( CONF_RECORD ) );
+
+        for ( ArtifactResult artifactResult : artifactResults )
+        {
+            if ( artifactResult.isResolved() )
+            {
+                if ( record )
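Review bot: The algorithm list in `doProcess` is read with the bare key `CONF_CHECKSUM_ALGORITHMS`, while `failIfMissing` and `record` are both looked up through `configPropKey( ... )`. If `configPropKey` adds the processor's prefix, as its use on the other two keys suggests, a prefixed `checksumAlgorithms` setting would be ignored and verification would silently stay on the `SHA-1` default. I would change the lookup to `ConfigUtils.getString( session, DEFAULT_CHECKSUM_ALGORITHMS, configPropKey( CONF_CHECKSUM_ALGORITHMS ) )`. Since this is an integrity check against trusted checksums, `DEFAULT_CHECKSUM_ALGORITHMS` also deserves a comment saying why SHA-1 is the default and that a stronger algorithm can be configured, because SHA-1 is no longer collision-resistant. The body of `doProcess` continues past the quoted lines, so how the selected algorithms and `failIfMissing` are applied is not visible here.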

Review Comment:
   If "record" is configured, the information is collected here, yes.





> Resolver post-processor
> -----------------------
>
>                 Key: MRESOLVER-276
>                 URL: https://issues.apache.org/jira/browse/MRESOLVER-276
>             Project: Maven Resolver
>          Issue Type: Improvement
>          Components: Resolver
>            Reporter: Tamas Cservenak
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: resolver-next
>
>
> Introduce new feature, resolver post-processor that is able to post process 
> resolution results just before artifact resolver returns them to caller. Post 
> processor should be able to signal resolution failure (along with errors) 
> just like existing resolution may fail.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
