in src/main/java/org/apache/sling/cli/impl/release/VerifyReleasesCommand.java [72:146]
public Integer call() {
int checksRun = 0;
int failedChecks = 0;
try {
LocalRepository repository = repositoryService.download(repositoryService.find(repositoryId));
Path repositoryRootPath = repository.getRootFolder();
Artifact pom = null;
Path pomPath = null;
for (Artifact artifact : repository.getArtifacts()) {
if ("pom".equals(artifact.getType())) {
pom = artifact;
pomPath = repositoryRootPath.resolve(artifact.getRepositoryRelativePath());
}
Path artifactFilePath = repositoryRootPath.resolve(artifact.getRepositoryRelativePath());
Path artifactSignaturePath = repositoryRootPath.resolve(artifact.getRepositoryRelativeSignaturePath());
PGPSignatureValidator.ValidationResult validationResult = pgpSignatureValidator.verify(artifactFilePath,
artifactSignaturePath);
checksRun++;
if (!validationResult.isValid()) {
failedChecks++;
}
HashValidator.ValidationResult sha1validationResult = hashValidator.validate(artifactFilePath,
repositoryRootPath.resolve(artifact.getRepositoryRelativeSha1SumPath()), "SHA-1");
checksRun++;
if (!sha1validationResult.isValid()) {
failedChecks++;
}
HashValidator.ValidationResult md5validationResult = hashValidator.validate(artifactFilePath,
repositoryRootPath.resolve(artifact.getRepositoryRelativeMd5SumPath()), "MD5");
checksRun++;
if (!md5validationResult.isValid()) {
failedChecks++;
}
LOGGER.info("\n{}", artifactFilePath.getFileName().toString());
PGPPublicKey key = validationResult.getKey();
LOGGER.info("GPG: {}", validationResult.isValid()
? String.format("signed by %s with key (id=0x%X; " + "fingerprint=%s)", getKeyUserId(key),
key.getKeyID(), Hex.toHexString(key.getFingerprint()).toUpperCase(Locale.US))
: "INVALID");
LOGGER.info("SHA-1: {}",
sha1validationResult.isValid()
? String.format("VALID (%s)", sha1validationResult.getActualHash())
: String.format("INVALID (expected %s, got %s)", sha1validationResult.getExpectedHash(),
sha1validationResult.getActualHash()));
LOGGER.info("MD-5: {}",
md5validationResult.isValid() ? String.format("VALID (%s)", md5validationResult.getActualHash())
: String.format("INVALID (expected %s, got %s)", md5validationResult.getExpectedHash(),
md5validationResult.getActualHash()));
}
if (pom != null && pomPath != null) {
if (ciStatusValidator.shouldCheck(pom, pomPath)) {
CIStatusValidator.ValidationResult ciValidationResult = ciStatusValidator.isValid(pomPath);
LOGGER.info("\nCI Status: {}",
ciValidationResult.isValid() ? String.format("VALID: %n%s", ciValidationResult.getMessage())
: String.format("INVALID: %n%s", ciValidationResult.getMessage()));
checksRun++;
if (!ciValidationResult.isValid()) {
failedChecks++;
}
}
}
} catch (IOException e) {
LOGGER.error("Command execution failed.", e);
return CommandLine.ExitCode.SOFTWARE;
}
LOGGER.info("\n\nRelease Summary: {}\n\n");
if(failedChecks == 0){
LOGGER.info(String.format("VALID (%d checks executed)", checksRun));
return CommandLine.ExitCode.OK;
} else {
LOGGER.info(String.format("INVALID (%d of %d checks failed)", failedChecks, checksRun));
return CommandLine.ExitCode.USAGE;
}
}