registry: restore clarifying comments lost during refactoring

iamabhilaksh · iamabhilaksh · commit 5b34008f45ed · 2026-03-11T01:21:58.000+05:30
- OciRegistryClient: add back manifest size limit, digest validation,
  and Docker-Content-Digest fallback comments in extracted methods
- BearerTokenExchange: rephrase split token field comment into single line
diff --git a/registry/registry-client/src/main/java/com/salesforce/multicloudj/registry/driver/BearerTokenExchange.java b/registry/registry-client/src/main/java/com/salesforce/multicloudj/registry/driver/BearerTokenExchange.java
@@ -91,8 +91,7 @@ private String executeTokenRequest(HttpGet request) throws IOException {
             "Invalid JSON response from token endpoint: " + responseBody, e);
       }
 
-      // Token can be in "token" (Docker Hub, AWS ECR) or "access_token" (GCP Artifact Registry)
-      // field
+      // Token field is "token" (Docker Hub, AWS ECR) or "access_token" (GCP Artifact Registry)
       if (json.has(TOKEN_FIELD) && !json.get(TOKEN_FIELD).isJsonNull()) {
         return json.get(TOKEN_FIELD).getAsString();
       } else if (json.has(ACCESS_TOKEN_FIELD) && !json.get(ACCESS_TOKEN_FIELD).isJsonNull()) {
diff --git a/registry/registry-client/src/main/java/com/salesforce/multicloudj/registry/driver/OciRegistryClient.java b/registry/registry-client/src/main/java/com/salesforce/multicloudj/registry/driver/OciRegistryClient.java
@@ -211,6 +211,7 @@ private Manifest executeFetchManifestRequest(
         throw new UnknownException("Failed to fetch manifest: empty response body");
       }
 
+      // Check manifest size limit to prevent resource exhaustion
       long contentLength = response.getEntity().getContentLength();
       if (contentLength > MAX_MANIFEST_SIZE_BYTES) {
         throw new UnknownException(
@@ -222,6 +223,7 @@ private Manifest executeFetchManifestRequest(
       String responseBody = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
       String digestHeader = computeManifestDigest(response, responseBody);
 
+      // Validate digest if fetching by digest reference (e.g., repo@sha256:...)
       if (reference.startsWith(DIGEST_PREFIX) && !reference.equals(digestHeader)) {
         throw new UnknownException(
             String.format(
@@ -238,6 +240,7 @@ private String computeManifestDigest(CloseableHttpResponse response, String resp
     if (header != null) {
       return header.getValue();
     }
+    // Docker-Content-Digest header may be absent (e.g., AWS ECR); calculate from response body
     try {
       MessageDigest md = MessageDigest.getInstance(DIGEST_ALGORITHM);
       byte[] hash = md.digest(responseBody.getBytes(StandardCharsets.UTF_8));

Original file line number	Diff line number	Diff line change
`@@ -91,8 +91,7 @@ private String executeTokenRequest(HttpGet request) throws IOException {`
`91`	`91`	`"Invalid JSON response from token endpoint: " + responseBody, e);`
`92`	`92`	`}`
`93`	`93`
`94`		`- // Token can be in "token" (Docker Hub, AWS ECR) or "access_token" (GCP Artifact Registry)`
`95`		`- // field`
	`94`	`+ // Token field is "token" (Docker Hub, AWS ECR) or "access_token" (GCP Artifact Registry)`
`96`	`95`	`if (json.has(TOKEN_FIELD) && !json.get(TOKEN_FIELD).isJsonNull()) {`
`97`	`96`	`return json.get(TOKEN_FIELD).getAsString();`
`98`	`97`	`} else if (json.has(ACCESS_TOKEN_FIELD) && !json.get(ACCESS_TOKEN_FIELD).isJsonNull()) {`