💬 format: Format all checksums with capital letters (#1255)

Author: LogFlames

README.md

@@ -69,7 +69,7 @@ mvn -f pom.lockfile.xml
 - `includeMavenPlugins` (`-DincludeMavenPlugins=true`) will include the maven plugins in the lockfile. This is useful if you want to validate the Maven plugins as well.
 - `allowValidationFailure` (`-DallowValidationFailure=true`, default=false) allow validation failures, printing a warning instead of an error. This is useful if you want to only validate the Maven lockfile, but do not need to fail the build in case the lockfile is not valid. Use with caution, you loose all guarantees.
 - `includeEnvironment` (`-DincludeEnvironment=true`) will include the environment metadata in the lockfile. This is useful if you want to have warnings when the environment changes.
-- `checksumAlgorithm` (`-DchecksumAlgorithm=sha256`) will set the checksum algorithm used to generate the lockfile. If not explicitly provided it will use SHA-256.
+- `checksumAlgorithm` (`-DchecksumAlgorithm=SHA-256`) will set the checksum algorithm used to generate the lockfile. If not explicitly provided it will use SHA-256.
 - `checksumMode` will set the checksum mode used to generate the lockfile. See [Checksum Modes](/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/ChecksumModes.java) for more information.
 - `skip` (`-Dskip=true`) will skip the execution of the plugin. This is useful if you would like to disable the plugin for a specific module.
 - `lockfileName` (`-DlockfileName=my-lockfile.json` default="lockfile.json") will set the name of the lockfile file to be generated/read.

maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/ChecksumModes.java

@@ -6,9 +6,9 @@
  */
 public enum ChecksumModes {
     /**
-     * Downloads the checksum from the maven repository. Supports md5, sha1, sha256 and sha512. If the requested
+     * Downloads the checksum from the maven repository. Supports MD5, SHA-1, SHA-256 and SHA-512. If the requested
      * checksum is not found in remote repository, the artifact will be downloaded and checksum will be calculated
-     * on the downloaded artifact. The download will be verified with the sha1 checksum if it available in the remote
+     * on the downloaded artifact. The download will be verified with the SHA-1 checksum if it available in the remote
      * repository.
      */
     REMOTE("remote"),

maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/RemoteChecksumCalculator.java

@@ -26,12 +26,12 @@ public RemoteChecksumCalculator(
             ProjectBuildingRequest artifactBuildingRequest,
             ProjectBuildingRequest pluginBuildingRequest) {
         super(checksumAlgorithm);
-        if (!(checksumAlgorithm.equals("md5")
-                || checksumAlgorithm.equals("sha1")
-                || checksumAlgorithm.equals("sha256")
-                || checksumAlgorithm.equals("sha512"))) {
-            throw new IllegalArgumentException(
-                    "Invalid checksum algorithm maven central only supports md5, sha1, sha256 or sha512.");
+        if (!(checksumAlgorithm.equals("MD5")
+                || checksumAlgorithm.equals("SHA-1")
+                || checksumAlgorithm.equals("SHA-256")
+                || checksumAlgorithm.equals("SHA-512"))) {
+            throw new IllegalArgumentException("Invalid checksum algorithm '" + checksumAlgorithm
+                    + "', remote repositories only supports MD5, SHA-1, SHA-256 or SHA-512.");
         }
 
         this.artifactBuildingRequest = artifactBuildingRequest;
@@ -57,7 +57,8 @@ private Optional<String> calculateChecksumInternal(Artifact artifact, ProjectBui
             for (ArtifactRepository repository : buildingRequest.getRemoteRepositories()) {
                 String artifactUrl = repository.getUrl().replaceAll("/$", "") + "/" + groupId + "/" + artifactId + "/"
                         + version + "/" + filename;
-                String checksumUrl = artifactUrl + "." + checksumAlgorithm;
+                String checksumUrl =
+                        artifactUrl + "." + checksumAlgorithm.toLowerCase().replace("-", "");
 
                 LOGGER.debug("Checking: " + checksumUrl);
 
@@ -84,7 +85,7 @@ private Optional<String> calculateChecksumInternal(Artifact artifact, ProjectBui
                     LOGGER.info("Unable to find " + checksumAlgorithm + " checksum for " + artifact.getGroupId() + ":"
                             + artifactId + ":" + version + " on remote. Downloading and calculating locally.");
 
-                    // Fallback to and verify downloaded artifact with sha1
+                    // Fallback to and verify downloaded artifact with SHA-1
                     HttpRequest artifactVerificationRequest = HttpRequest.newBuilder()
                             .uri(URI.create(artifactUrl + ".sha1"))
                             .build();
@@ -103,20 +104,20 @@ private Optional<String> calculateChecksumInternal(Artifact artifact, ProjectBui
 
                     if (artifactVerificationResponse.statusCode() >= 200
                             && artifactVerificationResponse.statusCode() < 300) {
-                        MessageDigest verificationMessageDigest = MessageDigest.getInstance("sha1");
+                        MessageDigest verificationMessageDigest = MessageDigest.getInstance("SHA-1");
                         String sha1 = baseEncoding
                                 .encode(verificationMessageDigest.digest(artifactResponse.body()))
                                 .toLowerCase(Locale.ROOT);
 
                         if (!sha1.equals(artifactVerification)) {
-                            LOGGER.error("Invalid sha1 checksum for: " + artifactUrl);
-                            throw new RuntimeException("Invalid sha1 checksum for '" + artifact.getGroupId() + ":"
+                            LOGGER.error("Invalid SHA-1 checksum for: " + artifactUrl);
+                            throw new RuntimeException("Invalid SHA-1 checksum for '" + artifact.getGroupId() + ":"
                                     + artifactId + ":" + version + "'. Checksum found at '" + artifactUrl
                                     + ".sha1' does not match calculated checksum of downloaded file. Remote checksum = '"
                                     + artifactVerification + "'. Locally calculated checksum = '" + sha1 + "'.");
                         }
                     } else {
-                        LOGGER.warn("Unable to find sha1 to verify download of: " + artifactUrl);
+                        LOGGER.warn("Unable to find SHA-1 to verify download of: " + artifactUrl);
                     }
 
                     MessageDigest messageDigest = MessageDigest.getInstance(checksumAlgorithm);

maven_plugin/src/test/java/io/github/chains_project/maven_lockfile/graph/LockfileTest.java

@@ -11,7 +11,7 @@ public class LockfileTest {
     @Test
     void shouldLockFilesEqualWhenOrderIsChanged() {
         var metadata = new MetaData(
-                new Environment("os", "mv", "jv"), new Config(true, false, true, false, "1", "local", "sha1"));
+                new Environment("os", "mv", "jv"), new Config(true, false, true, false, "1", "local", "SHA-1"));
         var groupId = GroupId.of("g");
         var artifactId = ArtifactId.of("a");
         var version = VersionNumber.of("a");
@@ -42,7 +42,7 @@ private DependencyNode dependencyNodeA(DependencyNode child1, DependencyNode chi
                 VersionNumber.of("1"),
                 MavenScope.RUNTIME,
                 ResolvedUrl.Unresolved(),
-                "sha1",
+                "SHA-1",
                 "A");
 
         node.addChild(child1);
@@ -57,7 +57,7 @@ private DependencyNode dependencyNodeB() {
                 VersionNumber.of("1"),
                 MavenScope.RUNTIME,
                 ResolvedUrl.Unresolved(),
-                "sha1",
+                "SHA-1",
                 "B");
     }
 
@@ -68,7 +68,7 @@ private DependencyNode dependencyNodeAChild1() {
                 VersionNumber.of("1"),
                 MavenScope.RUNTIME,
                 ResolvedUrl.Unresolved(),
-                "sha1",
+                "SHA-1",
                 "1");
     }
 
@@ -79,17 +79,17 @@ private DependencyNode dependencyNodeAChild2() {
                 VersionNumber.of("1"),
                 MavenScope.RUNTIME,
                 ResolvedUrl.Unresolved(),
-                "sha1",
+                "SHA-1",
                 "2");
     }
 
     private MavenPlugin pluginA() {
         return new MavenPlugin(
-                GroupId.of("PgA"), ArtifactId.of("PA"), VersionNumber.of("1"), "sha1", "PA", ResolvedUrl.Unresolved());
+                GroupId.of("PgA"), ArtifactId.of("PA"), VersionNumber.of("1"), "SHA-1", "PA", ResolvedUrl.Unresolved());
     }
 
     private MavenPlugin pluginB() {
         return new MavenPlugin(
-                GroupId.of("PgB"), ArtifactId.of("PB"), VersionNumber.of("1"), "sha1", "PB", ResolvedUrl.Unresolved());
+                GroupId.of("PgB"), ArtifactId.of("PB"), VersionNumber.of("1"), "SHA-1", "PB", ResolvedUrl.Unresolved());
     }
 }

maven_plugin/src/test/java/it/IntegrationTestsIT.java

@@ -384,14 +384,15 @@ public void remoteRepositoryShouldResolve(MavenExecutionResult result) throws Ex
 
     @MavenTest
     public void checksumModeRemote(MavenExecutionResult result) throws Exception {
-        // contract: if checksum mode is remote, maven-lockfile should be able to download and verify sha256 from maven
-        // central and if sha256 is not available, it should be able to .
+        // contract: if checksum mode is remote, maven-lockfile should be able to download and verify SHA-256 from maven
+        // central and if SHA-256 is not available, it should be able to .
         assertThat(result).isSuccessful();
         var lockfilePath = findFile(result, "lockfile.json");
         assertThat(lockfilePath).exists();
         var lockfile = LockFile.readLockFile(lockfilePath);
 
-        // Verify: atlassian-bandana:0.2.0 is hosted on packages.atlassian.com which doesn't provide sha256, sha256 has
+        // Verify: atlassian-bandana:0.2.0 is hosted on packages.atlassian.com which doesn't provide SHA-256, SHA-256
+        // has
         // to be calculated
         var dep1Checksum = lockfile.getDependencies().stream()
                 .filter(dependency -> dependency
@@ -401,18 +402,18 @@ public void checksumModeRemote(MavenExecutionResult result) throws Exception {
         assertThat(dep1Checksum).isNotNull();
         result.getMavenLog();
 
-        // Verify: jsap:2.1 is hosted on repo.maven.apache.org which doesn't provide sha256, and who's sha1 has a
-        // different format (providing `checksum path` instead of `checksum`). Sha1 should still succeed as the
+        // Verify: jsap:2.1 is hosted on repo.maven.apache.org which doesn't provide SHA-256, and who's SHA-1 has a
+        // different format (providing `checksum path` instead of `checksum`). SHA-1 should still succeed as the
         // `checksum` is verified aganist up until the first space, thus excluding the path of the file when the
-        // sha1 was generated. Sha256 has to be calculated.
+        // SHA-1 was generated. SHA-256 has to be calculated.
         var dep2Checksum = lockfile.getDependencies().stream()
                 .filter(dependency -> dependency
                         .getChecksum()
                         .equals("331746fa62cfbc3368260c5a2e660936ad11be612308c120a044e120361d474e"))
                 .findAny();
         assertThat(dep2Checksum).isNotNull();
 
-        // Verify: spoon-core:11.1.0 is hosted on maven central and directly provides sha256 checksums
+        // Verify: spoon-core:11.1.0 is hosted on maven central and directly provides SHA-256 checksums
         var dep3Checksum = lockfile.getDependencies().stream()
                 .filter(dependency -> dependency
                         .getChecksum()

maven_plugin/src/test/resources-its/it/IntegrationTestsIT/checksumModeRemote/pom.xml

@@ -56,7 +56,7 @@
         </executions>
         <configuration>
           <checksumMode>remote</checksumMode>
-          <checksumAlgorithm>sha256</checksumAlgorithm>
+          <checksumAlgorithm>SHA-256</checksumAlgorithm>
         </configuration>
       </plugin>
     </plugins>