001package org.eclipse.aether.spi.checksums; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import java.io.IOException; 023import java.util.List; 024import java.util.Map; 025 026import org.eclipse.aether.RepositorySystemSession; 027import org.eclipse.aether.artifact.Artifact; 028import org.eclipse.aether.repository.ArtifactRepository; 029import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; 030 031/** 032 * Component able to provide (trusted) checksums for artifacts. 033 * <p> 034 * Note: the "trusted" meaning depends solely on implementation and the user using it. Resolver itself does nothing 035 * for "trust" (like some crypto magic or what not). It all boils down that the source being used by implementation is 036 * "trusted" by user or not. 037 * 038 * @since 1.9.0 039 */ 040public interface TrustedChecksumsSource 041{ 042 /** 043 * May return the trusted checksums (for given artifact) from trusted source, or {@code null} if not enabled. 044 * Enabled trusted checksum source SHOULD return non-null (empty map) result, when it has no data for given 045 * artifact. Empty map means in this case "no information", but how that case is interpreted depends on consumer 046 * for trusted checksums. 047 * 048 * @param session The repository system session, never {@code null}. 049 * @param artifact The artifact we want checksums for, never {@code null}. 050 * @param artifactRepository The origin repository: local, workspace, remote repository, never {@code null}. 051 * @param checksumAlgorithmFactories The checksum algorithms that are expected, never {@code null}. 052 * @return Map of expected checksums, or {@code null} if not enabled. 053 */ 054 Map<String, String> getTrustedArtifactChecksums( RepositorySystemSession session, 055 Artifact artifact, 056 ArtifactRepository artifactRepository, 057 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ); 058 059 /** 060 * A writer that is able to write/add trusted checksums to this implementation. 061 */ 062 interface Writer 063 { 064 /** 065 * Performs whatever implementation requires to "set" (write/add/append) given map of trusted checksums. 066 * The passed in list of checksum algorithm factories and the map must have equal size and mapping must 067 * contain all algorithm names in list. 068 */ 069 void addTrustedArtifactChecksums( Artifact artifact, 070 ArtifactRepository artifactRepository, 071 List<ChecksumAlgorithmFactory> checksumAlgorithmFactories, 072 Map<String, String> trustedArtifactChecksums ) throws IOException; 073 } 074 075 /** 076 * Some trusted checksums sources may implement this optional method: ability to write/add checksums to them. 077 * If source does not support this feature, method should return {@code null}. 078 */ 079 Writer getTrustedArtifactChecksumsWriter( RepositorySystemSession session ); 080}