[MNG-4235] Maven 2.2.0 produces invalid checksums during deployment to secured HTTP repo

o Added (disabled) IT git-svn-id: https://svn.apache.org/repos/asf/maven/core-integration-testing/trunk@793420 13f79535-47bb-0310-9956-ffa450edef68
2009-07-12 22:23:13 +00:00 · 2009-07-12 22:23:13 +00:00 · c582559005
parent 9577a20721
commit c582559005
5 changed files with 333 additions and 0 deletions
--- a/its/core-it-suite/src/test/java/org/apache/maven/it/IntegrationTestSuite.java
+++ b/its/core-it-suite/src/test/java/org/apache/maven/it/IntegrationTestSuite.java
@ -91,6 +91,7 @@ public class IntegrationTestSuite
        // suite.addTestSuite( MavenIT0109ReleaseUpdateTest.class );
        // suite.addTestSuite( MavenIT0108SnapshotUpdateTest.class ); -- MNG-3137

+        //suite.addTestSuite( MavenITmng4235HttpAuthDeploymentChecksumsTest.class );
        suite.addTestSuite( MavenITmng4231SnapshotUpdatePolicyTest.class );
        suite.addTestSuite( MavenITmng4214MirroredParentSearchReposTest.class );
        suite.addTestSuite( MavenITmng4208InterpolationPrefersCliOverProjectPropsTest.class );
--- a/its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng4235HttpAuthDeploymentChecksumsTest.java
+++ b/its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng4235HttpAuthDeploymentChecksumsTest.java
@ -0,0 +1,236 @@
+package org.apache.maven.it;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.DigestInputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Properties;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.maven.it.Verifier;
+import org.apache.maven.it.util.ResourceExtractor;
+
+import org.mortbay.jetty.HttpMethods;
+import org.mortbay.jetty.Request;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.DefaultHandler;
+import org.mortbay.jetty.handler.HandlerList;
+import org.mortbay.jetty.handler.ResourceHandler;
+import org.mortbay.jetty.security.Constraint;
+import org.mortbay.jetty.security.ConstraintMapping;
+import org.mortbay.jetty.security.HashUserRealm;
+import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.resource.Resource;
+import org.mortbay.util.IO;
+
+/**
+ * This is a test set for <a href="http://jira.codehaus.org/browse/MNG-4235">MNG-4235</a>.
+ * 
+ * @author Benjamin Bentmann
+ * @version $Id$
+ */
+public class MavenITmng4235HttpAuthDeploymentChecksumsTest
+    extends AbstractMavenIntegrationTestCase
+{
+
+    private File testDir;
+
+    private Server server;
+
+    private int port;
+
+    public MavenITmng4235HttpAuthDeploymentChecksumsTest()
+    {
+        super( "[2.0.5,2.2.0),(2.2.0,)" );
+    }
+
+    public void setUp()
+        throws Exception
+    {
+        super.setUp();
+
+        testDir = ResourceExtractor.simpleExtractResources( getClass(), "/mng-4235" );
+
+        ResourceHandler repoHandler = new ResourceHandler()
+        {
+            public void handle( String target, HttpServletRequest request, HttpServletResponse response, int dispatch )
+                throws IOException, ServletException
+            {
+                System.out.println( request.getMethod() + " " + request.getRequestURI() );
+
+                if ( HttpMethods.PUT.equals( request.getMethod() ) )
+                {
+                    Resource resource = getResource( request );
+                    resource.getFile().getParentFile().mkdirs();
+
+                    OutputStream os = resource.getOutputStream();
+                    try
+                    {
+                        IO.copy( request.getInputStream(), os );
+                    }
+                    finally
+                    {
+                        os.close();
+                    }
+
+                    response.setStatus( HttpServletResponse.SC_NO_CONTENT );
+
+                    ( (Request) request ).setHandled( true );
+                }
+                else
+                {
+                    super.handle( target, request, response, dispatch );
+                }
+            }
+        };
+        repoHandler.setResourceBase( testDir.getAbsolutePath() );
+
+        Constraint constraint = new Constraint();
+        constraint.setName( Constraint.__BASIC_AUTH );
+        constraint.setRoles( new String[] { "deployer" } );
+        constraint.setAuthenticate( true );
+
+        ConstraintMapping constraintMapping = new ConstraintMapping();
+        constraintMapping.setConstraint( constraint );
+        constraintMapping.setPathSpec( "/*" );
+
+        HashUserRealm userRealm = new HashUserRealm( "TestRealm" );
+        userRealm.put( "testuser", "testpass" );
+        userRealm.addUserToRole( "testuser", "deployer" );
+
+        SecurityHandler securityHandler = new SecurityHandler();
+        securityHandler.setUserRealm( userRealm );
+        securityHandler.setConstraintMappings( new ConstraintMapping[] { constraintMapping } );
+
+        HandlerList handlerList = new HandlerList();
+        handlerList.addHandler( securityHandler );
+        handlerList.addHandler( repoHandler );
+        handlerList.addHandler( new DefaultHandler() );
+
+        server = new Server( 0 );
+        server.setHandler( handlerList );
+        server.start();
+
+        port = server.getConnectors()[0].getLocalPort();
+    }
+
+    protected void tearDown()
+        throws Exception
+    {
+        if ( server != null )
+        {
+            server.stop();
+            server = null;
+        }
+
+        super.tearDown();
+    }
+
+    /**
+     * Test the creation of proper checksums during deployment to a secured HTTP repo. The pitfall with HTTP auth is
+     * that it might require double submission of the data, first during an initial PUT without credentials and second
+     * during a retried PUT with credentials in response to the auth challenge by the server. The checksum must
+     * nevertheless only be calculated on the non-doubled data stream.
+     */
+    public void testit()
+        throws Exception
+    {
+        Properties filterProps = new Properties();
+        filterProps.setProperty( "@port@", Integer.toString( port ) );
+
+        Verifier verifier = new Verifier( testDir.getAbsolutePath() );
+        verifier.filterFile( "pom-template.xml", "pom.xml", "UTF-8", filterProps );
+        verifier.setAutoclean( false );
+        verifier.deleteArtifacts( "org.apache.maven.its.mng4235" );
+        verifier.deleteDirectory( "repo" );
+        verifier.getCliOptions().add( "--settings" );
+        verifier.getCliOptions().add( "settings.xml" );
+        verifier.executeGoal( "validate" );
+        verifier.verifyErrorFreeLog();
+        verifier.resetStreams();
+
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/0.1/test-0.1.jar", ".sha1", "SHA-1" );
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/0.1/test-0.1.jar", ".md5", "MD5" );
+
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/0.1/test-0.1.pom", ".sha1", "SHA-1" );
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/0.1/test-0.1.pom", ".md5", "MD5" );
+
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/maven-metadata.xml", ".sha1", "SHA-1" );
+        assertHash( verifier, "repo/org/apache/maven/its/mng4235/test/maven-metadata.xml", ".md5", "MD5" );
+    }
+
+    private void assertHash( Verifier verifier, String dataFile, String hashExt, String algo )
+        throws Exception
+    {
+        String actualHash = calcHash( new File( verifier.getBasedir(), dataFile ), algo );
+
+        String expectedHash = verifier.loadLines( dataFile + hashExt, "UTF-8" ).get( 0 ).toString().trim();
+
+        assertTrue( "expected=" + expectedHash + ", actual=" + actualHash, expectedHash.equalsIgnoreCase( actualHash ) );
+    }
+
+    private String calcHash( File file, String algo )
+        throws IOException, NoSuchAlgorithmException
+    {
+        MessageDigest digester = MessageDigest.getInstance( algo );
+
+        FileInputStream is = new FileInputStream( file );
+        try
+        {
+            DigestInputStream dis = new DigestInputStream( is, digester );
+
+            for ( byte[] buffer = new byte[1024 * 4]; dis.read( buffer ) >= 0; )
+            {
+                // just read it
+            }
+        }
+        finally
+        {
+            is.close();
+        }
+
+        byte[] digest = digester.digest();
+
+        StringBuffer hash = new StringBuffer( digest.length * 2 );
+
+        for ( int i = 0; i < digest.length; i++ )
+        {
+            int b = digest[i] & 0xFF;
+
+            if ( b < 0x10 )
+            {
+                hash.append( '0' );
+            }
+
+            hash.append( Integer.toHexString( b ) );
+        }
+
+        return hash.toString();
+    }
+
+}
--- a/its/core-it-suite/src/test/resources/mng-4235/main.jar
+++ b/its/core-it-suite/src/test/resources/mng-4235/main.jar
--- a/its/core-it-suite/src/test/resources/mng-4235/pom-template.xml
+++ b/its/core-it-suite/src/test/resources/mng-4235/pom-template.xml
@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project>
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.mng4235</groupId>
+  <artifactId>test</artifactId>
+  <version>0.1</version>
+
+  <name>Maven Integration Test :: MNG-4235</name>
+  <description>
+    Test the creation of proper checksums during deployment to a secured HTTP repo. The pitfall with HTTP auth is
+    that it might require double submission of the data, first during an initial PUT without credentials and second
+    during a retried PUT with credentials in response to the auth challenge by the server. The checksum must
+    nevertheless only be calculated on the non-doubled data stream.
+  </description>
+
+  <distributionManagement>
+    <repository>
+      <id>maven-core-it</id>
+      <url>http://localhost:@port@/repo</url>
+    </repository>
+  </distributionManagement>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.its.plugins</groupId>
+        <artifactId>maven-it-plugin-artifact</artifactId>
+        <version>2.1-SNAPSHOT</version>
+        <configuration>
+          <mainFile>main.jar</mainFile>
+        </configuration>
+        <executions>
+          <execution>
+            <phase>validate</phase>
+            <goals>
+              <goal>set</goal>
+              <goal>attach-pom</goal>
+              <goal>deploy</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
--- a/its/core-it-suite/src/test/resources/mng-4235/settings.xml
+++ b/its/core-it-suite/src/test/resources/mng-4235/settings.xml
@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<settings>
+  <servers>
+    <server>
+      <id>maven-core-it</id>
+      <username>testuser</username>
+      <password>testpass</password>
+    </server>
+  </servers>
+</settings>