oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simone Tripodi <simonetrip...@apache.org>
Subject Refactoring the Hmac and Rsa signature methods APIs in JWS
Date Thu, 26 Jun 2014 09:01:46 GMT
Hi Antonio, All,

following up the old discussion, I found some spare time to make a
proposal and pasted in on Gist[1], if it looks fine for you I'd be
happy to track it on JIRA and continue the discussion/development
there.

Main concerns I was focused on while making the proposal:

 * simplify the RSA/HMAC usage for users not familiar with
java.security APIs, introducing KeyFactory;

 * reduce drastically the magic role of Strings in the RSA algorithms,
I would avoid end users have to manipulate strings in order to obtain
different RSA algorithms, but IMHO it has to be clear which algorithm
they are going to use by simply instantiating classes;

 * have classes well organised, collected in different packages
depending by the signature method.

Any feedback would be much more than appreciated, many thanks in advance!
-Simo

[1] https://gist.github.com/simonetripodi/740ec4a8c1fdf06d5f3f

http://people.apache.org/~simonetripodi/
http://twitter.com/simonetripodi


On Fri, Apr 11, 2014 at 1:51 PM, Simone Tripodi
<simonetripodi@apache.org> wrote:
> Hi Tonino,
>
> just few considerations:
>
>> +public class JwsConstants {
>> +
>> +    public static final String RS256 = "RS256";
>> +
>> +    public static final String RS384 = "RS384";
>> +
>> +    public static final String RS512 = "RS512";
>> +}
>
> I'd reduce this class constructor as 'private'
>
>>
>> Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
>
> I wouldn't add that classes to a generic 'impl' package, they refer to
> specific 'java.security' implementation, so I would suggest to:
>
>  * having them implemented in a separated module/bundle
>
>  * package name be renamed
>
> WDYT?
> Best,
> -Simo

Mime
View raw message