Mailing-List: contact notifications-help@ant.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ant.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: hibou@apache.org
To: notifications@ant.apache.org
Date: Sun, 21 May 2017 17:30:38 -0000
Message-Id: <ade118692e6940b8b7db391bc613428a@git.apache.org>
Subject: [1/3] ant-ivy git commit: IVY-1554 Add support for SHA-256 SHA-512
 and SHA-384 checksum algorithms if the underlying Java runtime supports it
archived-at: Sun, 21 May 2017 17:30:41 -0000

Repository: ant-ivy
Updated Branches:
  refs/heads/master ad638fdf9 -> 7fc5eee60


IVY-1554 Add support for SHA-256 SHA-512 and SHA-384 checksum algorithms if the underlying Java runtime supports it


Project: http://git-wip-us.apache.org/repos/asf/ant-ivy/repo
Commit: http://git-wip-us.apache.org/repos/asf/ant-ivy/commit/d8c3ef13
Tree: http://git-wip-us.apache.org/repos/asf/ant-ivy/tree/d8c3ef13
Diff: http://git-wip-us.apache.org/repos/asf/ant-ivy/diff/d8c3ef13

Branch: refs/heads/master
Commit: d8c3ef1363fd2c9d88df1093db4fe04340bedec6
Parents: 7a8d27f
Author: Jaikiran Pai <jaikiran.pai@gmail.com>
Authored: Thu May 18 16:09:06 2017 +0530
Committer: Jaikiran Pai <jaikiran.pai@gmail.com>
Committed: Thu May 18 16:09:06 2017 +0530

----------------------------------------------------------------------
 doc/concept.html                                | 17 ++++--
 .../org/apache/ivy/util/ChecksumHelper.java     | 25 +++++++++
 .../resolver/FileSystemResolverTest.java        | 58 ++++++++++++++++++++
 .../checksums/allright/2.0/allright-2.0.jar     |  1 +
 .../allright/2.0/allright-2.0.jar.SHA-256       |  1 +
 .../checksums/allright/2.0/ivy-2.0.xml          | 28 ++++++++++
 .../checksums/allright/2.0/ivy-2.0.xml.SHA-256  |  1 +
 .../checksums/allright/3.0/allright-3.0.jar     |  1 +
 .../allright/3.0/allright-3.0.jar.SHA-512       |  1 +
 .../checksums/allright/3.0/ivy-3.0.xml          | 28 ++++++++++
 .../checksums/allright/3.0/ivy-3.0.xml.SHA-512  |  1 +
 11 files changed, 157 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/doc/concept.html
----------------------------------------------------------------------
diff --git a/doc/concept.html b/doc/concept.html
index 76029f2..74463c3 100644
--- a/doc/concept.html
+++ b/doc/concept.html
@@ -200,20 +200,27 @@ If you don't want to use xml namespaces, it's possible but you will need to disa
 <span class="since">since 1.4</span>
 Ivy allows the use of checksums, also known as digests, to verify the correctness of a downloaded file.
 
-For the moment Ivy supports the md5 and sha1 algorithms.
-
-The configuration of using md5 and/or sha1 can be done globally or by dependency resolver.
-Globally, use the ivy.checksums variable to list the check to be done (only md5 and sha1 are supported).
+The configuration of using the algorithm can be done globally or by dependency resolver.
+Globally, use the ivy.checksums variable to list the check to be done.
 On each resolver you can use the checksums attribute to override the global setting.
 
 The setting is a comma separated list of checksum algorithms to use.
-During checking (at download time), the first checksum found is checked, and that's all. This means that if you have a "sha1, md5" setting, then if ivy finds a sha1 file, it will compare the downloaded file sha1 against this sha1, and if the comparison is ok, it will assume the file is ok. If no sha1 file is found, it will look for an md5 file. If none is found no checking is done.
+During checking (at download time), the first checksum found is checked, and that's all. This means that if you have a "SHA-256, sha1, md5" setting, then if ivy finds a SHA-256 file, it will compare the downloaded file SHA-256 against this SHA-256, and if the comparison is ok, it will assume the file is ok. If no SHA-256 file is found, it will look for an sha1 file. If that isn't found, then it checks for md5 and so on. If none is found no checking is done.
 During publish, all listed checksum algorithms are computed and uploaded.
 
 By default checksum algorithms are "sha1, md5".
 
 If you want to change this default, you can set the variable ivy.checksums. Hence, to disable checksum validation you just have to set ivy.checksums to "".
 
+<h2>Supported algorithms</h2>
+<span class="since">since 1.4</span>
+		<ul>
+			<li>md5</li>
+			<li>sha1</li>
+		</ul>
+<span class="since">since 2.5</span>
+Starting 2.5 version, in addition to md5 and sha1, Ivy supports SHA-256, SHA-512 and SHA-384 algorithms, if the Java runtime in which Ivy is running, supports those. For example, Java 6 runtime supports SHA-256 and SHA-512 as standard algorithms. If Ivy 2.5 and later versions are run under Java 6 or higher runtimes, these algorithms are supported by Ivy too.
+
 <h1><a name="event">Events and Triggers</a></h1>
 <span class="since">since 1.4</span>
 When Ivy performs the dependency resolution and some other tasks, it fires events before and after the most important steps. You can listen to these events using Ivy API, or you can even register a trigger to perform a particular action when a particular event occur.

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/src/java/org/apache/ivy/util/ChecksumHelper.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/ivy/util/ChecksumHelper.java b/src/java/org/apache/ivy/util/ChecksumHelper.java
index 56aa936..792f1e3 100644
--- a/src/java/org/apache/ivy/util/ChecksumHelper.java
+++ b/src/java/org/apache/ivy/util/ChecksumHelper.java
@@ -37,6 +37,31 @@ public final class ChecksumHelper {
     static {
         algorithms.put("md5", "MD5");
         algorithms.put("sha1", "SHA-1");
+
+        // higher versions of JRE support these algorithms https://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#MessageDigest
+        // conditionally add them
+        if (isAlgorithmSupportedInJRE("SHA-256")) {
+            algorithms.put("SHA-256", "SHA-256");
+        }
+        if (isAlgorithmSupportedInJRE("SHA-512")) {
+            algorithms.put("SHA-512", "SHA-512");
+        }
+        if (isAlgorithmSupportedInJRE("SHA-384")) {
+            algorithms.put("SHA-384", "SHA-384");
+        }
+
+    }
+
+    private static boolean isAlgorithmSupportedInJRE(final String algorithm) {
+        if (algorithm == null) {
+            return false;
+        }
+        try {
+            MessageDigest.getInstance(algorithm);
+            return true;
+        } catch (NoSuchAlgorithmException e) {
+            return false;
+        }
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/java/org/apache/ivy/plugins/resolver/FileSystemResolverTest.java
----------------------------------------------------------------------
diff --git a/test/java/org/apache/ivy/plugins/resolver/FileSystemResolverTest.java b/test/java/org/apache/ivy/plugins/resolver/FileSystemResolverTest.java
index 863f436..c692a3c 100644
--- a/test/java/org/apache/ivy/plugins/resolver/FileSystemResolverTest.java
+++ b/test/java/org/apache/ivy/plugins/resolver/FileSystemResolverTest.java
@@ -242,6 +242,64 @@ public class FileSystemResolverTest extends AbstractDependencyResolverTest {
         assertEquals(1, dr.getArtifactsReports(DownloadStatus.SUCCESSFUL).length);
     }
 
+    /**
+     * Tests that <code>SHA-256</code> algorithm can be used for checksums on resolvers
+     * @throws Exception
+     */
+    public void testSHA256Checksum() throws Exception {
+        final FileSystemResolver resolver = new FileSystemResolver();
+        resolver.setName("sha256-checksum-resolver");
+        resolver.setSettings(settings);
+
+        resolver.addIvyPattern(settings.getBaseDir()
+                + "/test/repositories/checksums/[module]/[revision]/[artifact]-[revision].[ext]");
+        resolver.addArtifactPattern(settings.getBaseDir()
+                + "/test/repositories/checksums/[module]/[revision]/[artifact]-[revision].[ext]");
+
+        resolver.setChecksums("SHA-256");
+        final ModuleRevisionId mrid = ModuleRevisionId.newInstance("test", "allright", "2.0");
+        final ResolvedModuleRevision rmr = resolver.getDependency(new DefaultDependencyDescriptor(mrid, false), data);
+        assertNotNull("Resolved module revision was null for " + mrid, rmr);
+        final DownloadReport dr = resolver.download(rmr.getDescriptor().getAllArtifacts(), getDownloadOptions());
+        final ArtifactDownloadReport[] successfulDownloadReports = dr.getArtifactsReports(DownloadStatus.SUCCESSFUL);
+        assertNotNull("No artifacts were downloaded successfully", successfulDownloadReports);
+        assertEquals("Unexpected number of successfully downloaded artifacts", 1, successfulDownloadReports.length);
+        final ArtifactDownloadReport successfulDownloadReport = successfulDownloadReports[0];
+        final Artifact downloadedArtifact = successfulDownloadReport.getArtifact();
+        assertEquals("Unexpected organization of downloaded artifact", "test", downloadedArtifact.getModuleRevisionId().getOrganisation());
+        assertEquals("Unexpected module of downloaded artifact", "allright", downloadedArtifact.getModuleRevisionId().getModuleId().getName());
+        assertEquals("Unexpected revision of downloaded artifact", "2.0", downloadedArtifact.getModuleRevisionId().getRevision());
+    }
+
+    /**
+     * Tests that <code>SHA-512</code> algorithm can be used for checksums on resolvers
+     * @throws Exception
+     */
+    public void testSHA512Checksum() throws Exception {
+        final FileSystemResolver resolver = new FileSystemResolver();
+        resolver.setName("sha256-checksum-resolver");
+        resolver.setSettings(settings);
+
+        resolver.addIvyPattern(settings.getBaseDir()
+                + "/test/repositories/checksums/[module]/[revision]/[artifact]-[revision].[ext]");
+        resolver.addArtifactPattern(settings.getBaseDir()
+                + "/test/repositories/checksums/[module]/[revision]/[artifact]-[revision].[ext]");
+
+        resolver.setChecksums("SHA-512");
+        final ModuleRevisionId mrid = ModuleRevisionId.newInstance("test", "allright", "3.0");
+        final ResolvedModuleRevision rmr = resolver.getDependency(new DefaultDependencyDescriptor(mrid, false), data);
+        assertNotNull("Resolved module revision was null for " + mrid, rmr);
+        final DownloadReport dr = resolver.download(rmr.getDescriptor().getAllArtifacts(), getDownloadOptions());
+        final ArtifactDownloadReport[] successfulDownloadReports = dr.getArtifactsReports(DownloadStatus.SUCCESSFUL);
+        assertNotNull("No artifacts were downloaded successfully", successfulDownloadReports);
+        assertEquals("Unexpected number of successfully downloaded artifacts", 1, successfulDownloadReports.length);
+        final ArtifactDownloadReport successfulDownloadReport = successfulDownloadReports[0];
+        final Artifact downloadedArtifact = successfulDownloadReport.getArtifact();
+        assertEquals("Unexpected organization of downloaded artifact", "test", downloadedArtifact.getModuleRevisionId().getOrganisation());
+        assertEquals("Unexpected module of downloaded artifact", "allright", downloadedArtifact.getModuleRevisionId().getModuleId().getName());
+        assertEquals("Unexpected revision of downloaded artifact", "3.0", downloadedArtifact.getModuleRevisionId().getRevision());
+    }
+
     public void testCheckModified() throws Exception {
         FileSystemResolver resolver = new FileSystemResolver();
         resolver.setName("test");

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/2.0/allright-2.0.jar
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/2.0/allright-2.0.jar b/test/repositories/checksums/allright/2.0/allright-2.0.jar
new file mode 100644
index 0000000..caf5069
--- /dev/null
+++ b/test/repositories/checksums/allright/2.0/allright-2.0.jar
@@ -0,0 +1 @@
+this is a completely fake jar file !!!
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/2.0/allright-2.0.jar.SHA-256
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/2.0/allright-2.0.jar.SHA-256 b/test/repositories/checksums/allright/2.0/allright-2.0.jar.SHA-256
new file mode 100644
index 0000000..43e5f0d
--- /dev/null
+++ b/test/repositories/checksums/allright/2.0/allright-2.0.jar.SHA-256
@@ -0,0 +1 @@
+1e0d1eae4b95f4e2070b46b8d8f6418ce915d336b9f9c6cd438d1817c19c22ea
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/2.0/ivy-2.0.xml
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/2.0/ivy-2.0.xml b/test/repositories/checksums/allright/2.0/ivy-2.0.xml
new file mode 100644
index 0000000..8c8ba22
--- /dev/null
+++ b/test/repositories/checksums/allright/2.0/ivy-2.0.xml
@@ -0,0 +1,28 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.    
+-->
+<ivy-module version="1.0">
+	<info organisation="test"
+	       module="allright"
+	       revision="2.0"
+	       status="integration"
+	/>
+	<publications>
+		<artifact />
+	</publications>
+</ivy-module>

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/2.0/ivy-2.0.xml.SHA-256
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/2.0/ivy-2.0.xml.SHA-256 b/test/repositories/checksums/allright/2.0/ivy-2.0.xml.SHA-256
new file mode 100644
index 0000000..8d01fe5
--- /dev/null
+++ b/test/repositories/checksums/allright/2.0/ivy-2.0.xml.SHA-256
@@ -0,0 +1 @@
+6e07f0c04dea757cdaf5811a8b682b7f4d286db0ba16db5ff6c65309ff76409b
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/3.0/allright-3.0.jar
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/3.0/allright-3.0.jar b/test/repositories/checksums/allright/3.0/allright-3.0.jar
new file mode 100644
index 0000000..caf5069
--- /dev/null
+++ b/test/repositories/checksums/allright/3.0/allright-3.0.jar
@@ -0,0 +1 @@
+this is a completely fake jar file !!!
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/3.0/allright-3.0.jar.SHA-512
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/3.0/allright-3.0.jar.SHA-512 b/test/repositories/checksums/allright/3.0/allright-3.0.jar.SHA-512
new file mode 100644
index 0000000..421674a
--- /dev/null
+++ b/test/repositories/checksums/allright/3.0/allright-3.0.jar.SHA-512
@@ -0,0 +1 @@
+9c9759e09bcc1c52c135aee8042f7e63e81dcc04df0c9696bb41273502c4b7e5feabbfe780e761e7a8878f9061ad1ba860f9782d238fbc33a1b4c54c173911ac
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/3.0/ivy-3.0.xml
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/3.0/ivy-3.0.xml b/test/repositories/checksums/allright/3.0/ivy-3.0.xml
new file mode 100644
index 0000000..e45e0ae
--- /dev/null
+++ b/test/repositories/checksums/allright/3.0/ivy-3.0.xml
@@ -0,0 +1,28 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.    
+-->
+<ivy-module version="1.0">
+	<info organisation="test"
+	       module="allright"
+	       revision="3.0"
+	       status="integration"
+	/>
+	<publications>
+		<artifact />
+	</publications>
+</ivy-module>

http://git-wip-us.apache.org/repos/asf/ant-ivy/blob/d8c3ef13/test/repositories/checksums/allright/3.0/ivy-3.0.xml.SHA-512
----------------------------------------------------------------------
diff --git a/test/repositories/checksums/allright/3.0/ivy-3.0.xml.SHA-512 b/test/repositories/checksums/allright/3.0/ivy-3.0.xml.SHA-512
new file mode 100644
index 0000000..7c4a3b1
--- /dev/null
+++ b/test/repositories/checksums/allright/3.0/ivy-3.0.xml.SHA-512
@@ -0,0 +1 @@
+805b1d9877ba8859682be6b7bd82cb06ff2c5b370ec3bf039b57d26bd9b75008588a72b252488e539ee6d4f4637185fbc83a8ddb5ae3156d1784bfd392fdb419
\ No newline at end of file