Rename 'checkSignature' to 'alwaysVerifyChecksum'

Fixes #186, see the naming and documentation discussion there.

First, the plan was to just rename the one parameter and keep the one
with the old name around as deprecated. while doing so, I noticed lots
of
  - class and package names,
  - method names and parameters,
  - javadocs and comments,
referring to digest-based checksums like SHA-1 and MD5 as "signatures"
too, so I took care of globally renaming all of those too. That should
make it easier to work with the code base in the future.

README.md

@@ -37,7 +37,7 @@ mvn com.googlecode.maven-download-plugin:download-maven-plugin:1.6.3:artifact -D
 
 ### "WGet" goal
 This is meant to provide the necessary tooling for downloading anything in your Maven build without having to use Ant scripts.
-It provides caching and signature verification.
+It provides caching and checksum verification.
 ```xml
 <plugin>
 	<groupId>com.googlecode.maven-download-plugin</groupId>

src/it/alwaysOverwrite/verify.groovy

@@ -3,7 +3,7 @@
  * Given plugin configuration:
  *  - skipCache = true
  *  - overwrite = true
- *  - no signature specified
+ *  - no checksum specified
  * When Run the plugin to download the zip
  * And Save timestamp into "stamp" file
  * And Run the plugin to download the same zip

src/it/existingGetWithSignature/pom.xml

@@ -24,7 +24,7 @@
 						<configuration>
 							<url>${test.img.file.url}</url>
 							<md5>9f8fed0bb43c38c4e2079766680e0161</md5>
-							<checkSignature>true</checkSignature>
+							<alwaysVerifyChecksum>true</alwaysVerifyChecksum>
 						</configuration>
 					</execution>
 				</executions>

src/it/existingGetWithSignatureSha1/pom.xml

@@ -24,7 +24,7 @@
 						<configuration>
 							<url>${test.img.file.url}</url>
 							<sha1>c02ea6c2bc593c2ffaa20e94ea88c83fe12f232e</sha1>
-							<checkSignature>true</checkSignature>
+							<alwaysVerifyChecksum>true</alwaysVerifyChecksum>
 						</configuration>
 					</execution>
 				</executions>

src/it/existingGetWithSignatureSha256/pom.xml

@@ -24,7 +24,7 @@
 						<configuration>
 							<url>${test.img.file.url}</url>
 							<sha256>400fc4339b44f4eaa12eaa3539e2aaec747e090bc5bf491f6b37bb592e01384c</sha256>
-							<checkSignature>true</checkSignature>
+							<alwaysVerifyChecksum>true</alwaysVerifyChecksum>
 						</configuration>
 					</execution>
 				</executions>

src/it/existingGetWithSignatureSha512/pom.xml

@@ -24,7 +24,7 @@
 						<configuration>
 							<url>${test.img.file.url}</url>
 							<sha512>111790db5cbfa8a6db87a487936ffcc1f50edc558b44744f5094ecc4f91011e71d2069da790de86fca31b613131b196d9701019213a965af56e713cf009283a4</sha512>
-							<checkSignature>true</checkSignature>
+							<alwaysVerifyChecksum>true</alwaysVerifyChecksum>
 						</configuration>
 					</execution>
 				</executions>

src/main/java/com/googlecode/download/maven/plugin/internal/SignatureUtils.java → src/main/java/com/googlecode/download/maven/plugin/internal/ChecksumUtils.java

@@ -27,16 +27,16 @@
 /**
  * @author Mickael Istria (Red Hat Inc)
  */
-public class SignatureUtils {
+public class ChecksumUtils {
 
-    public static void verifySignature(File file, String expectedDigest, MessageDigest digest) throws Exception {
-        String actualDigestHex = SignatureUtils.computeSignatureAsString(file, digest);
+    public static void verifyChecksum(File file, String expectedDigest, MessageDigest digest) throws Exception {
+        String actualDigestHex = ChecksumUtils.computeChecksumAsString(file, digest);
         if (!actualDigestHex.equals(expectedDigest)) {
             throw new MojoFailureException("Not same digest as expected: expected <" + expectedDigest + "> was <" + actualDigestHex + ">");
         }
     }
 
-    public static String computeSignatureAsString(File file,
+    public static String computeChecksumAsString(File file,
         MessageDigest digest) throws IOException {
         InputStream fis = new FileInputStream(file);
         byte[] buffer = new byte[1024];
@@ -53,18 +53,18 @@ public static String computeSignatureAsString(File file,
     }
 
     public static String getMD5(File file) throws IOException, NoSuchAlgorithmException {
-        return computeSignatureAsString(file, MessageDigest.getInstance("MD5"));
+        return computeChecksumAsString(file, MessageDigest.getInstance("MD5"));
     }
 
     public static String getSHA1(File file) throws IOException, NoSuchAlgorithmException {
-        return computeSignatureAsString(file, MessageDigest.getInstance("SHA1"));
+        return computeChecksumAsString(file, MessageDigest.getInstance("SHA1"));
     }
 
     public static String getSHA256(File file) throws IOException, NoSuchAlgorithmException {
-        return computeSignatureAsString(file, MessageDigest.getInstance("SHA-256"));
+        return computeChecksumAsString(file, MessageDigest.getInstance("SHA-256"));
     }
 
     public static String getSHA512(File file) throws IOException, NoSuchAlgorithmException {
-        return computeSignatureAsString(file, MessageDigest.getInstance("SHA-512"));
+        return computeChecksumAsString(file, MessageDigest.getInstance("SHA-512"));
     }
 }

src/main/java/com/googlecode/download/maven/plugin/internal/WGet.java

@@ -15,7 +15,7 @@
 package com.googlecode.download.maven.plugin.internal;
 
 import com.googlecode.download.maven.plugin.internal.cache.DownloadCache;
-import com.googlecode.download.maven.plugin.internal.signature.Signatures;
+import com.googlecode.download.maven.plugin.internal.checksum.Checksums;
 import java.io.File;
 import java.net.ProxySelector;
 import java.net.URI;
@@ -141,29 +141,29 @@ public class WGet extends AbstractMojo {
     private File outputDirectory;
 
     /**
-     * The md5 of the file. If set, file signature will be compared to this
-     * signature and plugin will fail.
+     * The md5 of the file. If set, file checksum will be compared to this
+     * checksum and plugin will fail.
      */
     @Parameter(property = "download.verify.md5")
     private String md5;
 
     /**
-     * The sha1 of the file. If set, file signature will be compared to this
-     * signature and plugin will fail.
+     * The sha1 of the file. If set, file checksum will be compared to this
+     * checksum and plugin will fail.
      */
     @Parameter(property = "download.verify.sha1")
     private String sha1;
 
     /**
-     * The sha256 of the file. If set, file signature will be compared to this
-     * signature and plugin will fail.
+     * The sha256 of the file. If set, file checksum will be compared to this
+     * checksum and plugin will fail.
      */
     @Parameter(property = "download.verify.sha256")
     private String sha256;
 
     /**
-     * The sha512 of the file. If set, file signature will be compared to this
-     * signature and plugin will fail.
+     * The sha512 of the file. If set, file checksum will be compared to this
+     * checksum and plugin will fail.
      */
     @Parameter(property = "download.verify.sha512")
     private String sha512;
@@ -231,9 +231,24 @@ public class WGet extends AbstractMojo {
     private boolean skip;
 
     /**
-     * Whether to check the signature of existing files
+     * Whether to verify the checksum of an existing file
+     * <p>
+     * By default, checksum verification only occurs after downloading a file. This option additionally enforces
+     * checksum verification for already existing, previously downloaded (or manually copied) files. If the checksum
+     * does not match, re-download the file.
+     * <p>
+     * Use this option in order to ensure that a new download attempt is made after a previously interrupted build or
+     * network connection or some other event corrupted a file.
+     */
+    @Parameter(property = "alwaysVerifyChecksum", defaultValue = "false")
+    private boolean alwaysVerifyChecksum;
+
+    /**
+     * @deprecated The option name is counter-intuitive and not related to signatures but to checksums, in fact.
+     * Please use {@link #alwaysVerifyChecksum} instead. This option might be removed in a future release.
      */
     @Parameter(property = "checkSignature", defaultValue = "false")
+    @Deprecated
     private boolean checkSignature;
 
     /**
@@ -349,7 +364,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
             outputFile.getAbsolutePath(), ignored -> new ReentrantLock()
         );
 
-        final Signatures signatures = new Signatures(
+        final Checksums checksums = new Checksums(
             this.md5, this.sha1, this.sha256, this.sha512, this.getLog()
         );
         // DO
@@ -372,30 +387,30 @@ public void execute() throws MojoExecutionException, MojoFailureException {
             }
             boolean haveFile = outputFile.exists();
             if (haveFile) {
-                boolean signatureMatch = true;
-                if (this.checkSignature) {
+                boolean checksumMatch = true;
+                if (this.alwaysVerifyChecksum || this.checkSignature) {
                     try {
-                        signatures.validate(outputFile);
+                        checksums.validate(outputFile);
                     } catch (final MojoFailureException e) {
-                        getLog().warn("The local version of file " + outputFile.getName() + " doesn't match the expected signature. " +
-                            "You should consider checking the specified signature is correctly set.");
-                        signatureMatch = false;
+                        getLog().warn("The local version of file " + outputFile.getName() + " doesn't match the expected checksum. " +
+                            "You should consider checking the specified checksum is correctly set.");
+                        checksumMatch = false;
                     }
                 }
-                if (!signatureMatch) {
+                if (!checksumMatch) {
                     outputFile.delete();
                     haveFile = false;
                 } else if (!overwrite) {
                     getLog().info("File already exist, skipping");
                 } else {
-                    // If no signature provided and owerwriting requested we
+                    // If no checksum provided and owerwriting requested we
                     // will treat the fact as if there is no file in the cache.
                     haveFile = false;
                 }
             }
 
             if (!haveFile) {
-                File cached = cache.getArtifact(this.uri, signatures);
+                File cached = cache.getArtifact(this.uri, checksums);
                 if (!this.skipCache && cached != null && cached.exists()) {
                     getLog().debug("Got from cache: " + cached.getAbsolutePath());
                     Files.copy(cached.toPath(), outputFile.toPath());
@@ -409,7 +424,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
                     while (!done && this.retries > 0) {
                         try {
                             this.doGet(outputFile);
-                            signatures.validate(outputFile);
+                            checksums.validate(outputFile);
                             done = true;
                         } catch (Exception ex) {
                             getLog().warn("Could not get content", ex);
@@ -429,7 +444,7 @@ public void execute() throws MojoExecutionException, MojoFailureException {
                     }
                 }
             }
-            cache.install(this.uri, outputFile, signatures);
+            cache.install(this.uri, outputFile, checksums);
             if (this.unpack) {
                 unpack(outputFile);
                 buildContext.refresh(outputDirectory);

src/main/java/com/googlecode/download/maven/plugin/internal/cache/DownloadCache.java

@@ -15,7 +15,7 @@
  */
 package com.googlecode.download.maven.plugin.internal.cache;
 
-import com.googlecode.download.maven.plugin.internal.signature.Signatures;
+import com.googlecode.download.maven.plugin.internal.checksum.Checksums;
 import java.io.File;
 import java.net.URI;
 import java.nio.file.Files;
@@ -38,13 +38,13 @@ public DownloadCache(File cacheDirectory) {
         this.basedir = cacheDirectory;
     }
 
-	private String getEntry(URI uri, final Signatures signatures) {
+	private String getEntry(URI uri, final Checksums checksums) {
 		final String res = this.index.get(uri);
 		if (res == null) {
 			return null;
 		}
 		final File resFile = new File(this.basedir, res);
-		if (resFile.isFile() && signatures.isValid(resFile)) {
+		if (resFile.isFile() && checksums.isValid(resFile)) {
 			return res;
 		} else {
 			return null;
@@ -53,17 +53,17 @@ private String getEntry(URI uri, final Signatures signatures) {
 
 	/**
 	 * Get a File in the download cache. If no cache for this URL, or
-	 * if expected signatures don't match cached ones, returns null.
+	 * if expected checksums don't match cached ones, returns null.
 	 * available in cache,
 	 * @param uri URL of the file
-	 * @param signatures Supplied signatures.
+	 * @param checksums Supplied checksums.
 	 * @return A File when cache is found, null if no available cache
 	 */
-    public File getArtifact(URI uri, final Signatures signatures) {
+    public File getArtifact(URI uri, final Checksums checksums) {
 		final String res;
 		try {
 			this.index.getLock().lock();
-			res = this.getEntry(uri, signatures);
+			res = this.getEntry(uri, checksums);
 		} finally {
 			this.index.getLock().unlock();
 		}
@@ -73,10 +73,10 @@ public File getArtifact(URI uri, final Signatures signatures) {
 		return null;
 	}
 
-    public void install(URI uri, File outputFile, final Signatures signatures) throws Exception {
+    public void install(URI uri, File outputFile, final Checksums checksums) throws Exception {
 		try {
 			this.index.getLock().lock();
-			final String entry = this.getEntry(uri, signatures);
+			final String entry = this.getEntry(uri, checksums);
 			if (entry != null) {
 				return; // entry already here
 			}

src/main/java/com/googlecode/download/maven/plugin/internal/signature/Signature.java → src/main/java/com/googlecode/download/maven/plugin/internal/checksum/Checksum.java

@@ -13,21 +13,21 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package com.googlecode.download.maven.plugin.internal.signature;
+package com.googlecode.download.maven.plugin.internal.checksum;
 
 /**
- * Supported signature types with corresponding digest algos.
+ * Supported checksum types with corresponding digest algos.
  * @author Paul Polishchuk
  */
-enum Signature {
+enum Checksum {
     MD5("MD5"),
     SHA1("SHA1"),
     SHA256("SHA-256"),
     SHA512("SHA-512");
 
     private final String algo;
 
-    Signature(final String algo) {
+    Checksum(final String algo) {
         this.algo = algo;
     }