DDI supports sha256 (#869)

* Add SHA256 file hash to ddi GET outputs Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Integrate review findings for SHA256 changes Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Renamed hashes to base16hases in store() parameters Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com> * Added missing javadoc according to sonarqube findings Signed-off-by: Alexander Dobler <alexander.dobler3@bosch-si.com>
2019-07-29 14:11:40 +02:00
parent fba6cf9787
commit bde3548846
20 changed files with 131 additions and 53 deletions
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/AbstractArtifactRepository.java
@@ -42,27 +42,31 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
    // is not used security related
    @SuppressWarnings("squid:S2070")
    public AbstractDbArtifact store(final String tenant, final InputStream content, final String filename,
-            final String contentType, final DbArtifactHash hash) {
+            final String contentType, final DbArtifactHash providedHashes) {
        final MessageDigest mdSHA1;
        final MessageDigest mdMD5;
+        final MessageDigest mdSHA256;
        try {
            mdSHA1 = MessageDigest.getInstance("SHA1");
            mdMD5 = MessageDigest.getInstance("MD5");
+            mdSHA256 = MessageDigest.getInstance("SHA-256");
        } catch (final NoSuchAlgorithmException e) {
            throw new ArtifactStoreException(e.getMessage(), e);
        }

        String tempFile = null;
-        try (final DigestInputStream inputstream = wrapInDigestInputStream(content, mdSHA1, mdMD5)) {
+        try (final DigestInputStream inputstream = wrapInDigestInputStream(content, mdSHA1, mdMD5, mdSHA256)) {

            tempFile = storeTempFile(inputstream);

            final String sha1Hash16 = BaseEncoding.base16().lowerCase().encode(mdSHA1.digest());
            final String md5Hash16 = BaseEncoding.base16().lowerCase().encode(mdMD5.digest());
+            final String sha256Hash16 = BaseEncoding.base16().lowerCase().encode(mdSHA256.digest());

-            checkHashes(sha1Hash16, md5Hash16, hash);
+            checkHashes(sha1Hash16, md5Hash16, sha256Hash16, providedHashes);

-            return store(sanitizeTenant(tenant), sha1Hash16, md5Hash16, contentType, tempFile);
+            return store(sanitizeTenant(tenant), new DbArtifactHash(sha1Hash16, md5Hash16, sha256Hash16), contentType,
+                    tempFile);
        } catch (final IOException e) {
            throw new ArtifactStoreException(e.getMessage(), e);
        } finally {
@@ -100,27 +104,35 @@ public abstract class AbstractArtifactRepository implements ArtifactRepository {
        }
    }

-    private static void checkHashes(final String sha1Hash16, final String md5Hash16, final DbArtifactHash hash) {
-        if (hash == null) {
+    private static void checkHashes(final String sha1Hash16, final String md5Hash16, final String sha256Hash16,
+            final DbArtifactHash providedHashes) {
+        if (providedHashes == null) {
            return;
        }
-        if (hash.getSha1() != null && !sha1Hash16.equals(hash.getSha1())) {
-            throw new HashNotMatchException("The given sha1 hash " + hash.getSha1()
-                    + " does not match with the calcualted sha1 hash " + sha1Hash16, HashNotMatchException.SHA1);
+        if (areHashesNotMatching(providedHashes.getSha1(), sha1Hash16)) {
+            throw new HashNotMatchException("The given sha1 hash " + providedHashes.getSha1()
+                    + " does not match the calculated sha1 hash " + sha1Hash16, HashNotMatchException.SHA1);
        }
-        if (hash.getMd5() != null && !md5Hash16.equals(hash.getMd5())) {
-            throw new HashNotMatchException(
-                    "The given md5 hash " + hash.getMd5() + " does not match with the calcualted md5 hash " + md5Hash16,
-                    HashNotMatchException.MD5);
+        if (areHashesNotMatching(providedHashes.getMd5(), md5Hash16)) {
+            throw new HashNotMatchException("The given md5 hash " + providedHashes.getMd5()
+                    + " does not match the calculated md5 hash " + md5Hash16, HashNotMatchException.MD5);
+        }
+        if (areHashesNotMatching(providedHashes.getSha256(), sha256Hash16)) {
+            throw new HashNotMatchException("The given sha256 hash " + providedHashes.getSha256()
+                    + " does not match the calculated sha256 hash " + sha256Hash16, HashNotMatchException.SHA256);
        }
    }

-    protected abstract AbstractDbArtifact store(final String tenant, final String sha1Hash16, final String mdMD5Hash16,
+    private static boolean areHashesNotMatching(String providedHashValue, String hashValue) {
+        return providedHashValue != null && !hashValue.equals(providedHashValue);
+    }
+
+    protected abstract AbstractDbArtifact store(final String tenant, final DbArtifactHash base16Hashes,
            final String contentType, final String tempFile) throws IOException;

    private static DigestInputStream wrapInDigestInputStream(final InputStream input, final MessageDigest mdSHA1,
-            final MessageDigest mdMD5) {
-        return new DigestInputStream(new DigestInputStream(input, mdMD5), mdSHA1);
+            final MessageDigest mdMD5, final MessageDigest mdSHA256) {
+        return new DigestInputStream(new DigestInputStream(new DigestInputStream(input, mdSHA256), mdMD5), mdSHA1);
    }

    protected static String sanitizeTenant(final String tenant) {
--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/HashNotMatchException.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/HashNotMatchException.java
@@ -21,6 +21,7 @@ public class HashNotMatchException extends RuntimeException {

    public static final String SHA1 = "SHA-1";
    public static final String MD5 = "MD5";
+    public static final String SHA256 = "SHA-256";

    private final String hashFunction;

--- a/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/model/DbArtifactHash.java
+++ b/hawkbit-core/src/main/java/org/eclipse/hawkbit/artifact/repository/model/DbArtifactHash.java
@@ -18,6 +18,8 @@ public class DbArtifactHash {

    private final String md5;

+    private final String sha256;
+
    /**
     * Constructor.
     * 
@@ -25,10 +27,13 @@ public class DbArtifactHash {
     *            the sha1 hash
     * @param md5
     *            the md5 hash
+     * @param sha256
+     *            the sha256 hash
     */
-    public DbArtifactHash(final String sha1, final String md5) {
+    public DbArtifactHash(final String sha1, final String md5, final String sha256) {
        this.sha1 = sha1;
        this.md5 = md5;
+        this.sha256 = sha256;
    }

    public String getSha1() {
@@ -39,4 +44,7 @@ public class DbArtifactHash {
        return md5;
    }

+    public String getSha256() {
+        return sha256;
+    }
 }