001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.eclipse.aether.spi.checksums;
020
021import java.io.IOException;
022import java.util.List;
023import java.util.Map;
024
025import org.eclipse.aether.RepositorySystemSession;
026import org.eclipse.aether.artifact.Artifact;
027import org.eclipse.aether.repository.ArtifactRepository;
028import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory;
029
030/**
031 * Component able to provide (trusted) checksums for artifacts.
032 * <p>
033 * Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing
034 * for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is
035 * "trusted" by user or not.
036 *
037 * @since 1.9.0
038 */
039public interface TrustedChecksumsSource {
040    /**
041     * May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled.
042     * Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given
043     * artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer
044     * for trusted checksums.
045     *
046     * @param session                    The repository system session, never {@code null}.
047     * @param artifact                   The artifact we want checksums for, never {@code null}.
048     * @param artifactRepository         The origin repository: local, workspace, remote repository, never {@code null}.
049     * @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}.
050     * @return Map of expected checksums, or {@code null} if not enabled.
051     */
052    Map<String, String> getTrustedArtifactChecksums(
053            RepositorySystemSession session,
054            Artifact artifact,
055            ArtifactRepository artifactRepository,
056            List<ChecksumAlgorithmFactory> checksumAlgorithmFactories);
057
058    /**
059     * A writer that is able to write/add trusted checksums to this implementation.
060     */
061    interface Writer {
062        /**
063         * Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums.
064         * The passed in list of checksum algorithm factories and the map must have equal size and mapping must
065         * contain all algorithm names in list.
066         */
067        void addTrustedArtifactChecksums(
068                Artifact artifact,
069                ArtifactRepository artifactRepository,
070                List<ChecksumAlgorithmFactory> checksumAlgorithmFactories,
071                Map<String, String> trustedArtifactChecksums)
072                throws IOException;
073    }
074
075    /**
076     * Some trusted checksums sources may implement this optional method: ability to write/add checksums to them.
077     * If source does not support this feature, method should return {@code null}.
078     */
079    Writer getTrustedArtifactChecksumsWriter(RepositorySystemSession session);
080}