DDI supports sha256 (#869)
* Add SHA256 file hash to ddi GET outputs Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Integrate review findings for SHA256 changes Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Renamed hashes to base16hases in store() parameters Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Added missing javadoc according to sonarqube findings Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com>
This commit is contained in:
committed by
Dominic Schabel
parent
fba6cf9787
commit
bde3548846
@@ -42,27 +42,31 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
|
||||
// is not used security related
|
||||
@SuppressWarnings("squid:S2070")
|
||||
public AbstractDbArtifact store(final String tenant, final InputStream content, final String filename,
|
||||
final String contentType, final DbArtifactHash hash) {
|
||||
final String contentType, final DbArtifactHash providedHashes) {
|
||||
final MessageDigest mdSHA1;
|
||||
final MessageDigest mdMD5;
|
||||
final MessageDigest mdSHA256;
|
||||
try {
|
||||
mdSHA1 = MessageDigest.getInstance("SHA1");
|
||||
mdMD5 = MessageDigest.getInstance("MD5");
|
||||
mdSHA256 = MessageDigest.getInstance("SHA-256");
|
||||
} catch (final NoSuchAlgorithmException e) {
|
||||
throw new ArtifactStoreException(e.getMessage(), e);
|
||||
}
|
||||
|
||||
String tempFile = null;
|
||||
try (final DigestInputStream inputstream = wrapInDigestInputStream(content, mdSHA1, mdMD5)) {
|
||||
try (final DigestInputStream inputstream = wrapInDigestInputStream(content, mdSHA1, mdMD5, mdSHA256)) {
|
||||
|
||||
tempFile = storeTempFile(inputstream);
|
||||
|
||||
final String sha1Hash16 = BaseEncoding.base16().lowerCase().encode(mdSHA1.digest());
|
||||
final String md5Hash16 = BaseEncoding.base16().lowerCase().encode(mdMD5.digest());
|
||||
final String sha256Hash16 = BaseEncoding.base16().lowerCase().encode(mdSHA256.digest());
|
||||
|
||||
checkHashes(sha1Hash16, md5Hash16, hash);
|
||||
checkHashes(sha1Hash16, md5Hash16, sha256Hash16, providedHashes);
|
||||
|
||||
return store(sanitizeTenant(tenant), sha1Hash16, md5Hash16, contentType, tempFile);
|
||||
return store(sanitizeTenant(tenant), new DbArtifactHash(sha1Hash16, md5Hash16, sha256Hash16), contentType,
|
||||
tempFile);
|
||||
} catch (final IOException e) {
|
||||
throw new ArtifactStoreException(e.getMessage(), e);
|
||||
} finally {
|
||||
@@ -100,27 +104,35 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
|
||||
}
|
||||
}
|
||||
|
||||
private static void checkHashes(final String sha1Hash16, final String md5Hash16, final DbArtifactHash hash) {
|
||||
if (hash == null) {
|
||||
private static void checkHashes(final String sha1Hash16, final String md5Hash16, final String sha256Hash16,
|
||||
final DbArtifactHash providedHashes) {
|
||||
if (providedHashes == null) {
|
||||
return;
|
||||
}
|
||||
if (hash.getSha1() != null && !sha1Hash16.equals(hash.getSha1())) {
|
||||
throw new HashNotMatchException("The given sha1 hash " + hash.getSha1()
|
||||
+ " does not match with the calcualted sha1 hash " + sha1Hash16, HashNotMatchException.SHA1);
|
||||
if (areHashesNotMatching(providedHashes.getSha1(), sha1Hash16)) {
|
||||
throw new HashNotMatchException("The given sha1 hash " + providedHashes.getSha1()
|
||||
+ " does not match the calculated sha1 hash " + sha1Hash16, HashNotMatchException.SHA1);
|
||||
}
|
||||
if (hash.getMd5() != null && !md5Hash16.equals(hash.getMd5())) {
|
||||
throw new HashNotMatchException(
|
||||
"The given md5 hash " + hash.getMd5() + " does not match with the calcualted md5 hash " + md5Hash16,
|
||||
HashNotMatchException.MD5);
|
||||
if (areHashesNotMatching(providedHashes.getMd5(), md5Hash16)) {
|
||||
throw new HashNotMatchException("The given md5 hash " + providedHashes.getMd5()
|
||||
+ " does not match the calculated md5 hash " + md5Hash16, HashNotMatchException.MD5);
|
||||
}
|
||||
if (areHashesNotMatching(providedHashes.getSha256(), sha256Hash16)) {
|
||||
throw new HashNotMatchException("The given sha256 hash " + providedHashes.getSha256()
|
||||
+ " does not match the calculated sha256 hash " + sha256Hash16, HashNotMatchException.SHA256);
|
||||
}
|
||||
}
|
||||
|
||||
protected abstract AbstractDbArtifact store(final String tenant, final String sha1Hash16, final String mdMD5Hash16,
|
||||
private static boolean areHashesNotMatching(String providedHashValue, String hashValue) {
|
||||
return providedHashValue != null && !hashValue.equals(providedHashValue);
|
||||
}
|
||||
|
||||
protected abstract AbstractDbArtifact store(final String tenant, final DbArtifactHash base16Hashes,
|
||||
final String contentType, final String tempFile) throws IOException;
|
||||
|
||||
private static DigestInputStream wrapInDigestInputStream(final InputStream input, final MessageDigest mdSHA1,
|
||||
final MessageDigest mdMD5) {
|
||||
return new DigestInputStream(new DigestInputStream(input, mdMD5), mdSHA1);
|
||||
final MessageDigest mdMD5, final MessageDigest mdSHA256) {
|
||||
return new DigestInputStream(new DigestInputStream(new DigestInputStream(input, mdSHA256), mdMD5), mdSHA1);
|
||||
}
|
||||
|
||||
protected static String sanitizeTenant(final String tenant) {
|
||||
|
||||
@@ -21,6 +21,7 @@ public class HashNotMatchException extends RuntimeException {
|
||||
|
||||
public static final String SHA1 = "SHA-1";
|
||||
public static final String MD5 = "MD5";
|
||||
public static final String SHA256 = "SHA-256";
|
||||
|
||||
private final String hashFunction;
|
||||
|
||||
|
||||
@@ -18,6 +18,8 @@ public class DbArtifactHash {
|
||||
|
||||
private final String md5;
|
||||
|
||||
private final String sha256;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
@@ -25,10 +27,13 @@ public class DbArtifactHash {
|
||||
* the sha1 hash
|
||||
* @param md5
|
||||
* the md5 hash
|
||||
* @param sha256
|
||||
* the sha256 hash
|
||||
*/
|
||||
public DbArtifactHash(final String sha1, final String md5) {
|
||||
public DbArtifactHash(final String sha1, final String md5, final String sha256) {
|
||||
this.sha1 = sha1;
|
||||
this.md5 = md5;
|
||||
this.sha256 = sha256;
|
||||
}
|
||||
|
||||
public String getSha1() {
|
||||
@@ -39,4 +44,7 @@ public class DbArtifactHash {
|
||||
return md5;
|
||||
}
|
||||
|
||||
public String getSha256() {
|
||||
return sha256;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user