1 package org.apache.maven.archiva.reporting.processor;
4 * Copyright 2005-2006 The Apache Software Foundation.
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
19 import org.apache.maven.artifact.repository.ArtifactRepository;
20 import org.apache.maven.artifact.repository.metadata.RepositoryMetadata;
21 import org.apache.maven.archiva.reporting.processor.MetadataReportProcessor;
22 import org.apache.maven.archiva.reporting.database.ReportingDatabase;
23 import org.codehaus.plexus.digest.Digester;
24 import org.codehaus.plexus.digest.DigesterException;
25 import org.apache.commons.io.FileUtils;
28 import java.io.IOException;
31 * This class reports invalid and mismatched checksums of artifacts and metadata files.
32 * It validates MD5 and SHA-1 checksums.
34 * @plexus.component role="org.apache.maven.archiva.reporting.processor.MetadataReportProcessor" role-hint="checksum-metadata"
36 public class ChecksumMetadataReportProcessor
37 implements MetadataReportProcessor
40 * @plexus.requirement role-hint="sha1"
42 private Digester sha1Digester;
45 * @plexus.requirement role-hint="md5"
47 private Digester md5Digester;
49 private static final String ROLE_HINT = "checksum-metadata";
52 * Validate the checksums of the metadata. Get the metadata file from the
53 * repository then validate the checksum.
55 public void processMetadata( RepositoryMetadata metadata, ArtifactRepository repository,
56 ReportingDatabase reporter )
58 if ( !"file".equals( repository.getProtocol() ) )
60 // We can't check other types of URLs yet. Need to use Wagon, with an exists() method.
61 throw new UnsupportedOperationException(
62 "Can't process repository '" + repository.getUrl() + "'. Only file based repositories are supported" );
65 //check if checksum files exist
66 String path = repository.pathOfRemoteRepositoryMetadata( metadata );
67 File file = new File( repository.getBasedir(), path );
69 verifyChecksum( repository, path + ".md5", file, md5Digester, reporter, metadata );
70 verifyChecksum( repository, path + ".sha1", file, sha1Digester, reporter, metadata );
73 private void verifyChecksum( ArtifactRepository repository, String path, File file, Digester digester,
74 ReportingDatabase reporter, RepositoryMetadata metadata )
76 File checksumFile = new File( repository.getBasedir(), path );
77 if ( checksumFile.exists() )
81 digester.verify( file, FileUtils.readFileToString( checksumFile, null ) );
83 catch ( DigesterException e )
85 addFailure( reporter, metadata, "checksum-wrong", e.getMessage() );
87 catch ( IOException e )
89 addFailure( reporter, metadata, "checksum-io-exception", "Read file error: " + e.getMessage() );
94 addFailure( reporter, metadata, "checksum-missing",
95 digester.getAlgorithm() + " checksum file does not exist." );
99 private static void addFailure( ReportingDatabase reporter, RepositoryMetadata metadata, String problem,
102 // TODO: reason could be an i18n key derived from the processor and the problem ID and the
103 reporter.addFailure( metadata, ROLE_HINT, problem, reason );
projects / archiva.git / blob