Merge pull request #30 from Jannyboy11/check-downloadedfiles-integrity

Check for sha1 hashes of jars downloaded from Maven Central.

JavaExample/pom.xml

@@ -20,7 +20,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <release>21</release>
                     <compilerArgs>--enable-preview</compilerArgs>

Scala3Example/pom.xml

@@ -12,7 +12,7 @@
     <artifactId>Scala3Example</artifactId>
 
     <properties>
-        <scala.boostrapVersion>2.13.12</scala.boostrapVersion>
+        <scala.boostrapVersion>2.13.15</scala.boostrapVersion>
         <scala.version>3.6.2</scala.version>
     </properties>
 
@@ -28,7 +28,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <release>8</release>
                     <parameters>true</parameters>
@@ -112,13 +112,6 @@
             <version>1.21.4-R0.1-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
-
-        <dependency>
-            <groupId>dev.zio</groupId>
-            <artifactId>zio_3</artifactId>
-            <version>2.0.2</version>
-            <scope>provided</scope>
-        </dependency>
     </dependencies>
 
 

Scala3Example/src/main/scala/xyz/janboerman/scalaloader/example/scala3/ExamplePlugin.scala

@@ -3,13 +3,10 @@ package xyz.janboerman.scalaloader.example.scala3
 import xyz.janboerman.scalaloader.configurationserializable.runtime.{Codec, RuntimeConversions}
 import xyz.janboerman.scalaloader.plugin.description.{Api, ApiVersion, Scala, ScalaVersion}
 import xyz.janboerman.scalaloader.plugin.{ScalaPlugin, ScalaPluginDescription}
-import zio.{ZIO, Console}
 
 @Scala(version = ScalaVersion.v3_6_2)
 object ExamplePlugin extends ScalaPlugin {
 
-    var syncRuntime = new BukkitRuntime(this).syncRuntime
-
     override def onEnable(): Unit =
         getLogger.info("Hello from Scala 3!")
 
@@ -21,14 +18,6 @@ object ExamplePlugin extends ScalaPlugin {
         JavaMapTest.test()
         ScalaMapTest.test()
 
-        val fortyTwo: ZIO[Any, Nothing, Int] = ZIO.succeed(42)
-        val program = for
-            name <- fortyTwo.map(number => s"Jannyboy${number}")
-            _ <- Console.printLine(s"Hello $name, welcome to ZIO!")
-        yield ()
-        syncRuntime.run(program)
-
-
     def assertionsEnabled: Boolean =
         try
             assert(false)

ScalaLoader-Bukkit/pom.xml

@@ -32,7 +32,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <release>8</release>
                 </configuration>

ScalaLoader-Common/pom.xml

@@ -44,7 +44,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.11.0</version>
+                <version>3.13.0</version>
                 <configuration>
                     <release>8</release>
                     <parameters>true</parameters>

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/compat/IScalaVersion.java

@@ -1,7 +1,14 @@
 package xyz.janboerman.scalaloader.compat;
 
+/**
+ * Abstraction for versions of Scala.
+ */
 public interface IScalaVersion {
 
+    /**
+     * Get the version string for this version of Scala.
+     * @return the version string
+     */
     public String getVersionString();
 
 }

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/plugin/PluginScalaVersion.java

@@ -7,11 +7,14 @@
 import static xyz.janboerman.scalaloader.compat.Compat.*;
 import xyz.janboerman.scalaloader.compat.IScalaVersion;
 import xyz.janboerman.scalaloader.plugin.description.ScalaVersion;
+import xyz.janboerman.scalaloader.util.ScalaHashes;
 
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
+import java.util.function.Function;
+import java.util.stream.Collectors;
 
 @SerializableAs("ScalaVersion")
 public final class PluginScalaVersion implements ConfigurationSerializable, IScalaVersion {
@@ -30,7 +33,8 @@ public static void register() {
 
 
     private final String scalaVersion;
-    private final Map<String, String> urls;
+    private final Map<String, String> urls;         //uses keys such as the string constants above.
+    private final Map<String, String> sha1Hashes;   //uses same keys as urls.
 
     /**
      * @deprecated since Scala 3 there are more artifacts than just the scala standard library and the scala reflection library
@@ -43,14 +47,23 @@ public PluginScalaVersion(String scalaVersion, String libraryUrl, String reflect
 
         this.scalaVersion = scalaVersion;
         this.urls = mapOf(mapEntry(SCALA2_LIBRARY_URL, libraryUrl), mapEntry(SCALA2_REFLECT_URL, reflectUrl));
+        this.sha1Hashes = emptyMap();
     }
 
+    /** @deprecated use {@linkplain #PluginScalaVersion(String, Map, Map)} instead.*/
+    @Deprecated
     public PluginScalaVersion(String scalaVersion, Map<String, String> urls) {
+        this(scalaVersion, urls, emptyMap());
+    }
+
+    public PluginScalaVersion(String scalaVersion, Map<String, String> urls, Map<String, String> sha1hashes) {
         Objects.requireNonNull(scalaVersion, "scalaVersion cannot be null!");
         Objects.requireNonNull(urls, "urls cannot be null!");
+        Objects.requireNonNull(sha1hashes, "sha1hashes cannot be null!");
 
         this.scalaVersion = scalaVersion;
         this.urls = mapCopy(urls);
+        this.sha1Hashes = mapCopy(sha1hashes);
     }
 
 
@@ -62,11 +75,23 @@ public Map<String, String> getUrls() {
         return Collections.unmodifiableMap(urls);
     }
 
+    public Map<String, String> getSha1Hashes() {
+        return Collections.unmodifiableMap(sha1Hashes);
+    }
+
+    /**
+     * @deprecated use {@linkplain #getUrls()} instead.
+     * @see #SCALA2_LIBRARY_URL
+     */
     @Deprecated
     public String getScalaLibraryUrl() {
         return urls.get(SCALA2_LIBRARY_URL);
     }
 
+    /**
+     * @deprecated use {@linkplain #getUrls()} instead.
+     * @see #SCALA2_REFLECT_URL
+     */
     @Deprecated
     public String getScalaReflectUrl() {
         return urls.get(SCALA2_REFLECT_URL);
@@ -102,6 +127,9 @@ public Map<String, Object> serialize() {
         for (Map.Entry<String, String> urlEntry : urls.entrySet()) {
             map.put(urlEntry.getKey(), urlEntry.getValue());
         }
+        for (Map.Entry<String, String> hashEntry : sha1Hashes.entrySet()) {
+            map.put(hashEntry.getKey() + "-sha1", hashEntry.getValue());
+        }
 
         return map;
     }
@@ -112,17 +140,26 @@ public static PluginScalaVersion deserialize(Map<String, Object> map) {
         String scalaVersion = map.remove(SCALA_VERSION).toString();
 
         Map<String, String> urls = new HashMap<>();
+        Map<String, String> sha1hashes = new HashMap<>();
         for (Map.Entry<String, Object> entry : map.entrySet()) {
-            urls.put(entry.getKey(), entry.getValue().toString());
+            String key = entry.getKey();
+            if (key.endsWith("-sha1")) {
+                sha1hashes.put(key, entry.getValue().toString());
+            } else {
+                urls.put(key, entry.getValue().toString());
+            }
         }
 
-        return new PluginScalaVersion(scalaVersion, urls);
+        return new PluginScalaVersion(scalaVersion, urls, sha1hashes);
     }
 
     public static PluginScalaVersion fromScalaVersion(ScalaVersion scalaVersion) {
-        return new PluginScalaVersion(
-                scalaVersion.getVersion(),
-                scalaVersion.getUrls());
+        String version = scalaVersion.getVersion();
+        Map<String, String> urls = scalaVersion.getUrls();
+        Map<String, String> sha1Hashes = urls.keySet().stream()
+                .collect(Collectors.toMap(Function.identity(), urlKey -> ScalaHashes.getSha1(version, urlKey)));
+
+        return new PluginScalaVersion(version, urls, sha1Hashes);
     }
 
     @Override

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/plugin/description/DescriptionScanner.java

@@ -180,6 +180,7 @@ private class CustomScalaAnnotationVisitor extends AnnotationVisitor {
 
         private String version;
         private final Map<String, String> urls = new HashMap<>();
+        private final Map<String, String> sha1s = new HashMap<>();
 
         private CustomScalaAnnotationVisitor() {
             super(ASM_API);
@@ -195,6 +196,8 @@ public void visit(String name, Object value) {
                             case "value":               version = value.toString();                                         break;
                             case "scalaLibraryUrl":     urls.put(PluginScalaVersion.SCALA2_LIBRARY_URL, value.toString());  break;
                             case "scalaReflectUrl":     urls.put(PluginScalaVersion.SCALA2_REFLECT_URL, value.toString());  break;
+                            case "scalaLibrarySha1":    sha1s.put(PluginScalaVersion.SCALA2_LIBRARY_URL, value.toString()); break;
+                            case "scalaReflectSha1":    sha1s.put(PluginScalaVersion.SCALA2_REFLECT_URL, value.toString()); break;
                         }
                     }
 
@@ -206,18 +209,23 @@ public AnnotationVisitor visitAnnotation(String name, String descriptor) {
                                 return SCALALIBRARY_ANNOTATION_DESCRIPTOR.equals(descriptor) ? new AnnotationVisitor(ASM_API) {
                                     String name = null;
                                     String url = null;
+                                    String sha1 = null;
 
                                     @Override
                                     public void visit(String name, Object value) {
                                         if ("name".equals(name)) this.name = (String) value;
                                         else if ("url".equals(name)) this.url = (String) value;
+                                        else if ("sha1".equals(name)) this.sha1 = (String) value;
                                     }
 
                                     @Override
                                     public void visitEnd() {
                                         if (name != null && url != null) {
                                             urls.put(name, url);
                                         }
+                                        if (name != null && sha1 != null && !sha1.isEmpty()) {
+                                            sha1s.put(name, sha1);
+                                        }
                                     }
                                 } : null;
                             }
@@ -228,7 +236,7 @@ public void visitEnd() {
 
         @Override
         public void visitEnd() {
-            scalaVersion = new PluginScalaVersion(version, urls);
+            scalaVersion = new PluginScalaVersion(version, urls, sha1s);
         }
     }
 

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/plugin/description/ScalaVersion.java

@@ -1,6 +1,7 @@
 package xyz.janboerman.scalaloader.plugin.description;
 
 import static xyz.janboerman.scalaloader.compat.Compat.*;
+
 import xyz.janboerman.scalaloader.plugin.PluginScalaVersion;
 
 import java.util.Collections;
@@ -90,8 +91,6 @@ public enum ScalaVersion {
     v3_6_1("3.6.1", false),
     v3_6_2("3.6.2");
 
-    //TODO include hashes of the jars! so that the loader can verify the integrity of the jars!
-
     private static Map<String, ScalaVersion> byVersion = new HashMap<>();
     private static final ScalaVersion latest_2_13;
     static {

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/plugin/description/Version.java

@@ -16,6 +16,11 @@
     /** The download url for the Scala-2 reflection library (for Scala 3, use the url for Scala 2.13). */
     String scalaReflectUrl();
 
+    /** SHA-1 checksum for scala-library jar file. */
+    String scalaLibrarySha1() default "";
+    /** SHA-1 checksum for scala-reflect jar file. */
+    String scalaReflectSha1() default "";
+
     /** Download urls for additional jar files for classes not included in the standard library or reflection library. */
     ScalaLibrary[] scalaLibs() default {};
 
@@ -25,6 +30,7 @@
         String name();
         /** The download url */
         String url();
-        //TODO sha256 or some other kind of checksum hash
+        /** The SHA-1 checksum*/
+        String sha1() default "";
     }
 }

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/util/ArrayOps.java

@@ -2,7 +2,7 @@
 
 import java.util.Arrays;
 
-public class ArrayOps {
+public final class ArrayOps {
 
     private ArrayOps() {
     }

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/util/Base64.java

@@ -2,7 +2,7 @@
 
 import java.nio.charset.StandardCharsets;
 
-public class Base64 {
+public final class Base64 {
 
     private Base64() {
     }

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/util/ClassLoaderUtils.java

@@ -17,7 +17,7 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-public class ClassLoaderUtils {
+public final class ClassLoaderUtils {
 
     private ClassLoaderUtils() {
     }

ScalaLoader-Common/src/main/java/xyz/janboerman/scalaloader/util/ListOps.java

@@ -3,7 +3,7 @@
 import java.util.List;
 import java.util.ArrayList;
 
-public class ListOps {
+public final class ListOps {
 
     private ListOps() {
     }