michael-o commented on code in PR #199: URL: https://github.com/apache/maven-resolver/pull/199#discussion_r982378937
########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/FileTrustedChecksumsSourceSupport.java: ########## @@ -0,0 +1,149 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.List; +import java.util.Map; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.checksums.TrustedChecksumsSource; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.ConfigUtils; +import org.eclipse.aether.util.DirectoryUtils; + +import static java.util.Objects.requireNonNull; + +/** + * Support class for implementing {@link TrustedChecksumsSource} backed by local filesystem. It implements basic support + * like bqsedir calculation, "enabled" flag and "originAware" flag. Review Comment: typo ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,166 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The name of this implementation is "file-compact". + * + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + private final ConcurrentHashMap<Path, ConcurrentHashMap<String, ConcurrentHashMap<String, String>>> checksumCache; + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + this.checksumCache = new ConcurrentHashMap<>(); + } + + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final HashMap<String, String> checksums = new HashMap<>(); + final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> baseDirProvidedHashes = checksumCache Review Comment: basedirProvidedChecksums ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,166 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The name of this implementation is "file-compact". + * + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + private final ConcurrentHashMap<Path, ConcurrentHashMap<String, ConcurrentHashMap<String, String>>> checksumCache; + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + this.checksumCache = new ConcurrentHashMap<>(); + } + + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final HashMap<String, String> checksums = new HashMap<>(); + final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> baseDirProvidedHashes = checksumCache + .computeIfAbsent( basedir, b -> new ConcurrentHashMap<>() ); + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) + { + prefix = artifactRepository.getId() + "-" + CHECKSUM_FILE_PREFIX; + } + else + { + prefix = session.getLocalRepository().getId() + "-" + CHECKSUM_FILE_PREFIX; + } + } + else + { + prefix = CHECKSUM_FILE_PREFIX; + } + + for ( ChecksumAlgorithmFactory checksumAlgorithmFactory : checksumAlgorithmFactories ) + { + ConcurrentHashMap<String, String> algorithmHashes = baseDirProvidedHashes.computeIfAbsent( + checksumAlgorithmFactory.getName(), + algName -> loadProvidedHashes( + basedir.resolve( prefix + checksumAlgorithmFactory.getFileExtension() ) + ) + ); + String checksum = algorithmHashes.get( ArtifactIdUtils.toId( artifact ) ); + if ( checksum != null ) + { + checksums.put( checksumAlgorithmFactory.getName(), checksum ); + } + } + return checksums; + } + + private ConcurrentHashMap<String, String> loadProvidedHashes( Path checksumFile ) Review Comment: Same here ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/FileTrustedChecksumsSourceSupport.java: ########## @@ -0,0 +1,149 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.List; +import java.util.Map; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.checksums.TrustedChecksumsSource; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.ConfigUtils; +import org.eclipse.aether.util.DirectoryUtils; + +import static java.util.Objects.requireNonNull; + +/** + * Support class for implementing {@link TrustedChecksumsSource} backed by local filesystem. It implements basic support + * like bqsedir calculation, "enabled" flag and "originAware" flag. + * <p> + * The configuration keys supported: + * <ul> + * <li><pre>aether.trustedChecksumsSource.${name}.enabled</pre> (boolean) must be explicitly set to "true" + * to become enabled</li> + * <li><pre>aether.trustedChecksumsSource.${name}.basedir</pre> (string, path) directory from where implementation + * can use files. If unset, default value is ".checksums" and is resolved from local repository basedir.</li> + * <li><pre>aether.trustedChecksumsSource.${name}.originAware</pre> (boolean) whether to make implementation + * "originAware", to factor in origin repository ID as well or not.</li> + * </ul> + * <p> + * This implementation ensures that implementations have "name" property, used in configuration properties above. + * + * @since TBD + */ +abstract class FileTrustedChecksumsSourceSupport + implements TrustedChecksumsSource +{ + private static final String CONFIG_PROP_PREFIX = "aether.trustedChecksumsSource."; + + private static final String CONF_NAME_ENABLED = "enabled"; + + private static final String CONF_NAME_BASEDIR = "basedir"; + + private static final String CONF_NAME_ORIGIN_AWARE = "originAware"; + + /** + * Visible for testing. + */ + static final String LOCAL_REPO_PREFIX = ".checksums"; + + private final String name; + + FileTrustedChecksumsSourceSupport( String name ) + { + this.name = requireNonNull( name ); + } + + /** + * The implementation will call into underlying code only if enabled, chosen basedir exists, and requested + * checksum algorithms are not empty. + */ + @Override + public Map<String, String> getTrustedArtifactChecksums( RepositorySystemSession session, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + boolean enabled = ConfigUtils.getBoolean( session, false, configPropKey( CONF_NAME_ENABLED ) ); + if ( enabled ) + { + Path baseDir = getBasedir( session ); + if ( baseDir != null && !checksumAlgorithmFactories.isEmpty() ) + { + Map<String, String> result = performLookup( + session, baseDir, artifact, artifactRepository, checksumAlgorithmFactories ); + + return result == null || result.isEmpty() ? null : result; + } + } + return null; + } + + protected abstract Map<String, String> performLookup( RepositorySystemSession session, + Path baseDir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ); + + /** + * To be used by underlying implementations to form configuration property keys properly scoped. + */ + protected String configPropKey( String name ) + { + requireNonNull( name ); + return CONFIG_PROP_PREFIX + this.name + "." + name; + } + + /** + * Returns {@code true} if session configuration contains "originAware" property set to {@code true}. + */ + protected boolean isOriginAware( RepositorySystemSession session ) + { + return ConfigUtils.getBoolean( session, false, configPropKey( CONF_NAME_ORIGIN_AWARE ) ); + } + + /** + * Uses common {@link DirectoryUtils} to calculate (but not) create basedir for this implementation. Returns + * {@code null} if the calculated basedir does not exist. + */ + private Path getBasedir( RepositorySystemSession session ) + { + try + { + Path basedir = DirectoryUtils.resolveDirectory( + session, LOCAL_REPO_PREFIX, configPropKey( CONF_NAME_BASEDIR ), false ); + if ( !Files.isDirectory( basedir ) ) Review Comment: Won't this throw an exception if it isn't a dir already? ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/CompactFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,166 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.artifact.ArtifactIdUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Compact file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm, and + * file format is artifact ID and checksum separated by space per line. The format supports comments "#" (hash) and + * empty lines (both are ignored). + * <p> + * The source may be configured to be "origin aware", in that case it will factor in origin repository ID as well into + * file name (for example "central-checksums.sha1"). + * <p> + * The name of this implementation is "file-compact". + * + * @since TBD + */ +@Singleton +@Named( CompactFileTrustedChecksumsSource.NAME ) +public final class CompactFileTrustedChecksumsSource + extends FileTrustedChecksumsSourceSupport +{ + public static final String NAME = "file-compact"; + + private static final String CHECKSUM_FILE_PREFIX = "checksums."; + + private static final Logger LOGGER = LoggerFactory.getLogger( CompactFileTrustedChecksumsSource.class ); + + private final ConcurrentHashMap<Path, ConcurrentHashMap<String, ConcurrentHashMap<String, String>>> checksumCache; + + @Inject + public CompactFileTrustedChecksumsSource() + { + super( NAME ); + this.checksumCache = new ConcurrentHashMap<>(); + } + + @Override + protected Map<String, String> performLookup( RepositorySystemSession session, + Path basedir, + Artifact artifact, + ArtifactRepository artifactRepository, + List<ChecksumAlgorithmFactory> checksumAlgorithmFactories ) + { + final HashMap<String, String> checksums = new HashMap<>(); + final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> baseDirProvidedHashes = checksumCache + .computeIfAbsent( basedir, b -> new ConcurrentHashMap<>() ); + final String prefix; + if ( isOriginAware( session ) ) + { + if ( artifactRepository != null ) + { + prefix = artifactRepository.getId() + "-" + CHECKSUM_FILE_PREFIX; + } + else + { + prefix = session.getLocalRepository().getId() + "-" + CHECKSUM_FILE_PREFIX; + } + } + else + { + prefix = CHECKSUM_FILE_PREFIX; + } + + for ( ChecksumAlgorithmFactory checksumAlgorithmFactory : checksumAlgorithmFactories ) + { + ConcurrentHashMap<String, String> algorithmHashes = baseDirProvidedHashes.computeIfAbsent( Review Comment: algorithmChecksums ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/FileTrustedChecksumsSourceSupport.java: ########## @@ -0,0 +1,149 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.io.IOException; +import java.io.UncheckedIOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.List; +import java.util.Map; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.checksums.TrustedChecksumsSource; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.util.ConfigUtils; +import org.eclipse.aether.util.DirectoryUtils; + +import static java.util.Objects.requireNonNull; + +/** + * Support class for implementing {@link TrustedChecksumsSource} backed by local filesystem. It implements basic support + * like bqsedir calculation, "enabled" flag and "originAware" flag. + * <p> + * The configuration keys supported: + * <ul> + * <li><pre>aether.trustedChecksumsSource.${name}.enabled</pre> (boolean) must be explicitly set to "true" + * to become enabled</li> + * <li><pre>aether.trustedChecksumsSource.${name}.basedir</pre> (string, path) directory from where implementation + * can use files. If unset, default value is ".checksums" and is resolved from local repository basedir.</li> Review Comment: Docs should state, relative or absolute or both. ########## maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/checksum/SparseFileTrustedChecksumsSource.java: ########## @@ -0,0 +1,128 @@ +package org.eclipse.aether.internal.impl.checksum; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import javax.inject.Inject; +import javax.inject.Named; +import javax.inject.Singleton; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.nio.file.Path; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.eclipse.aether.RepositorySystemSession; +import org.eclipse.aether.artifact.Artifact; +import org.eclipse.aether.internal.impl.LocalPathComposer; +import org.eclipse.aether.repository.ArtifactRepository; +import org.eclipse.aether.spi.connector.checksum.ChecksumAlgorithmFactory; +import org.eclipse.aether.spi.io.FileProcessor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import static java.util.Objects.requireNonNull; + +/** + * Sparse file {@link FileTrustedChecksumsSourceSupport} implementation that use specified directory as base + * directory, where it expects artifacts checksums on standard Maven2 "local" layout. This implementation uses Artifact + * coordinates solely to form path from baseDir, pretty much as Maven local repository does. Review Comment: basedir -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
