001package org.eclipse.aether.repository; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import java.nio.charset.StandardCharsets; 023import java.security.MessageDigest; 024import java.security.NoSuchAlgorithmException; 025 026import org.eclipse.aether.RepositorySystemSession; 027 028/** 029 * A helper to calculate a fingerprint/digest for the authentication data of a repository/proxy. Such a fingerprint can 030 * be used to detect changes in the authentication data across JVM restarts without exposing sensitive information. 031 */ 032public final class AuthenticationDigest 033{ 034 035 private final MessageDigest digest; 036 037 private final RepositorySystemSession session; 038 039 private final RemoteRepository repository; 040 041 private final Proxy proxy; 042 043 /** 044 * Gets the fingerprint for the authentication of the specified repository. 045 * 046 * @param session The repository system session during which the fingerprint is requested, must not be {@code null}. 047 * @param repository The repository whose authentication is to be fingerprinted, must not be {@code null}. 048 * @return The fingerprint of the repository authentication or an empty string if no authentication is configured, 049 * never {@code null}. 050 */ 051 public static String forRepository( RepositorySystemSession session, RemoteRepository repository ) 052 { 053 String digest = ""; 054 Authentication auth = repository.getAuthentication(); 055 if ( auth != null ) 056 { 057 AuthenticationDigest authDigest = new AuthenticationDigest( session, repository, null ); 058 auth.digest( authDigest ); 059 digest = authDigest.digest(); 060 } 061 return digest; 062 } 063 064 /** 065 * Gets the fingerprint for the authentication of the specified repository's proxy. 066 * 067 * @param session The repository system session during which the fingerprint is requested, must not be {@code null}. 068 * @param repository The repository whose proxy authentication is to be fingerprinted, must not be {@code null}. 069 * @return The fingerprint of the proxy authentication or an empty string if no proxy is present or if no proxy 070 * authentication is configured, never {@code null}. 071 */ 072 public static String forProxy( RepositorySystemSession session, RemoteRepository repository ) 073 { 074 String digest = ""; 075 Proxy proxy = repository.getProxy(); 076 if ( proxy != null ) 077 { 078 Authentication auth = proxy.getAuthentication(); 079 if ( auth != null ) 080 { 081 AuthenticationDigest authDigest = new AuthenticationDigest( session, repository, proxy ); 082 auth.digest( authDigest ); 083 digest = authDigest.digest(); 084 } 085 } 086 return digest; 087 } 088 089 private AuthenticationDigest( RepositorySystemSession session, RemoteRepository repository, Proxy proxy ) 090 { 091 this.session = session; 092 this.repository = repository; 093 this.proxy = proxy; 094 digest = newDigest(); 095 } 096 097 private static MessageDigest newDigest() 098 { 099 try 100 { 101 return MessageDigest.getInstance( "SHA-1" ); 102 } 103 catch ( NoSuchAlgorithmException e ) 104 { 105 try 106 { 107 return MessageDigest.getInstance( "MD5" ); 108 } 109 catch ( NoSuchAlgorithmException ne ) 110 { 111 throw new IllegalStateException( ne ); 112 } 113 } 114 } 115 116 /** 117 * Gets the repository system session during which the authentication fingerprint is calculated. 118 * 119 * @return The repository system session, never {@code null}. 120 */ 121 public RepositorySystemSession getSession() 122 { 123 return session; 124 } 125 126 /** 127 * Gets the repository requiring authentication. If {@link #getProxy()} is not {@code null}, the data gathered by 128 * this authentication digest does not apply to the repository's host but rather the proxy. 129 * 130 * @return The repository to be contacted, never {@code null}. 131 */ 132 public RemoteRepository getRepository() 133 { 134 return repository; 135 } 136 137 /** 138 * Gets the proxy (if any) to be authenticated with. 139 * 140 * @return The proxy or {@code null} if authenticating directly with the repository's host. 141 */ 142 public Proxy getProxy() 143 { 144 return proxy; 145 } 146 147 /** 148 * Updates the digest with the specified strings. 149 * 150 * @param strings The strings to update the digest with, may be {@code null} or contain {@code null} elements. 151 */ 152 public void update( String... strings ) 153 { 154 if ( strings != null ) 155 { 156 for ( String string : strings ) 157 { 158 if ( string != null ) 159 { 160 digest.update( string.getBytes( StandardCharsets.UTF_8 ) ); 161 } 162 } 163 } 164 } 165 166 /** 167 * Updates the digest with the specified characters. 168 * 169 * @param chars The characters to update the digest with, may be {@code null}. 170 */ 171 @SuppressWarnings( "checkstyle:magicnumber" ) 172 public void update( char... chars ) 173 { 174 if ( chars != null ) 175 { 176 for ( char c : chars ) 177 { 178 digest.update( (byte) ( c >> 8 ) ); 179 digest.update( (byte) ( c & 0xFF ) ); 180 } 181 } 182 } 183 184 /** 185 * Updates the digest with the specified bytes. 186 * 187 * @param bytes The bytes to update the digest with, may be {@code null}. 188 */ 189 public void update( byte... bytes ) 190 { 191 if ( bytes != null ) 192 { 193 digest.update( bytes ); 194 } 195 } 196 197 @SuppressWarnings( "checkstyle:magicnumber" ) 198 private String digest() 199 { 200 byte[] bytes = digest.digest(); 201 StringBuilder buffer = new StringBuilder( bytes.length * 2 ); 202 for ( byte aByte : bytes ) 203 { 204 int b = aByte & 0xFF; 205 if ( b < 0x10 ) 206 { 207 buffer.append( '0' ); 208 } 209 buffer.append( Integer.toHexString( b ) ); 210 } 211 return buffer.toString(); 212 } 213 214}