You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by ad...@apache.org on 2014/11/20 19:39:10 UTC
wicket git commit: WICKET-5768 Code review with Martin. "secret key" removed from AbstractCrypt, IMHO not the right place for it.

Repository: wicket
Updated Branches:
  refs/heads/WICKET-5768-improve-crypt 1ffc984ca -> 80bad259c


WICKET-5768 Code review with Martin. "secret key" removed from
AbstractCrypt, IMHO not the right place for it.

Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/80bad259
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/80bad259
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/80bad259

Branch: refs/heads/WICKET-5768-improve-crypt
Commit: 80bad259cde060706beebd5e8408d219aac56f8d
Parents: 1ffc984
Author: Andrea Del Bene <ad...@apache.org>
Authored: Thu Nov 20 17:54:36 2014 +0100
Committer: Andrea Del Bene <ad...@apache.org>
Committed: Thu Nov 20 17:54:36 2014 +0100

----------------------------------------------------------------------
 .../crypt/AbstractKeyInSessionCryptFactory.java | 88 ++++++++++++++++++++
 .../AbstractKeyInSessionJceCryptFactory.java    | 88 --------------------
 .../crypt/KeyInSessionSunJceCryptFactory.java   |  2 +-
 .../apache/wicket/util/crypt/AbstractCrypt.java | 25 ------
 .../org/apache/wicket/util/crypt/NoCrypt.java   |  5 --
 .../apache/wicket/util/crypt/SunJceCrypt.java   | 23 +++--
 6 files changed, 107 insertions(+), 124 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionCryptFactory.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionCryptFactory.java b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionCryptFactory.java
new file mode 100644
index 0000000..70d44e7
--- /dev/null
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionCryptFactory.java
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.wicket.core.util.crypt;
+
+
+import java.io.Serializable;
+
+import org.apache.wicket.MetaDataKey;
+import org.apache.wicket.Session;
+import org.apache.wicket.util.crypt.ICrypt;
+
+/**
+ * Base class to implement crypt factories that store crypt into user session.
+ * Note that the use of this crypt factory will result in an immediate creation of a http session.
+ * 
+ * @author andrea del bene
+ *
+ * @param <T>
+ * 				the type for the secret key.
+ */
+public abstract class AbstractKeyInSessionCryptFactory<T extends Serializable>
+{
+	/** metadata-key used to store crypto-key in session metadata */
+	private static final MetaDataKey<Serializable> KEY = new MetaDataKey<Serializable>()
+	{
+		private static final long serialVersionUID = 1L;
+	};
+	
+	public AbstractKeyInSessionCryptFactory()
+	{
+		super();
+	}
+	
+	/**
+	 * Creates a new crypt for the current user session. If no user session is 
+	 * available, a new one is created.
+	 * 
+	 * @return
+	 */
+	@SuppressWarnings("unchecked")
+	public ICrypt newCrypt()
+	{
+		Session session = Session.get();
+		session.bind();
+	
+		// retrieve or generate encryption key from session
+		Serializable key = session.getMetaData(KEY);
+		if (key == null)
+		{
+			// generate new key
+			key = generateKey(session);
+			session.setMetaData(KEY, key);
+		}
+	
+		// build the crypt based on session key
+		ICrypt crypt = createCrypt((T)key);
+		return crypt;
+	}
+
+	/**
+	 * Generates the secret key for a new crypt.
+	 * 
+	 * @param session
+	 * 				the current user session where crypt will be stored
+	 * @return
+	 * 				the secret key for a new crypt
+	 */
+	protected abstract T generateKey(Session session);	
+
+	/**
+	 * @return the {@link org.apache.wicket.util.crypt.ICrypt} to use
+	 */
+	protected abstract ICrypt createCrypt(T key);	
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionJceCryptFactory.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionJceCryptFactory.java b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionJceCryptFactory.java
deleted file mode 100644
index 77ffa27..0000000
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/AbstractKeyInSessionJceCryptFactory.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.wicket.core.util.crypt;
-
-
-import java.io.Serializable;
-
-import org.apache.wicket.MetaDataKey;
-import org.apache.wicket.Session;
-import org.apache.wicket.util.crypt.ICrypt;
-
-/**
- * Base class to implement crypt factories that store crypt into user session.
- * Note that the use of this crypt factory will result in an immediate creation of a http session.
- * 
- * @author andrea del bene
- *
- * @param <T>
- * 				the type for the secret key.
- */
-public abstract class AbstractKeyInSessionJceCryptFactory<T extends Serializable>
-{
-	/** metadata-key used to store crypto-key in session metadata */
-	static final MetaDataKey<Serializable> KEY = new MetaDataKey<Serializable>()
-	{
-		private static final long serialVersionUID = 1L;
-	};
-	
-	public AbstractKeyInSessionJceCryptFactory()
-	{
-		super();
-	}
-	
-	/**
-	 * Creates a new crypt for the current user session. If no user session is 
-	 * available, a new one is created.
-	 * 
-	 * @return
-	 */
-	@SuppressWarnings("unchecked")
-	public ICrypt newCrypt()
-	{
-		Session session = Session.get();
-		session.bind();
-	
-		// retrieve or generate encryption key from session
-		Serializable key = session.getMetaData(KEY);
-		if (key == null)
-		{
-			// generate new key
-			key = generateKey(session);
-			session.setMetaData(KEY, key);
-		}
-	
-		// build the crypt based on session key
-		ICrypt crypt = createCrypt((T)key);
-		return crypt;
-	}
-
-	/**
-	 * Generates the secret key for a new crypt.
-	 * 
-	 * @param session
-	 * 				the current user session where crypt will be stored
-	 * @return
-	 * 				the secret key for a new crypt
-	 */
-	protected abstract T generateKey(Session session);	
-
-	/**
-	 * @return the {@link org.apache.wicket.util.crypt.ICrypt} to use
-	 */
-	protected abstract ICrypt createCrypt(T key);	
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
index 9158edd..69de6de 100644
--- a/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
+++ b/wicket-core/src/main/java/org/apache/wicket/core/util/crypt/KeyInSessionSunJceCryptFactory.java
@@ -33,7 +33,7 @@ import org.apache.wicket.util.lang.Args;
  *
  * @author igor.vaynberg
  */
-public class KeyInSessionSunJceCryptFactory extends AbstractKeyInSessionJceCryptFactory<String> implements ICryptFactory
+public class KeyInSessionSunJceCryptFactory extends AbstractKeyInSessionCryptFactory<String> implements ICryptFactory
 {	
 	final String cryptMethod;
 

http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
index 5f68192..7e426c0 100644
--- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
+++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/AbstractCrypt.java
@@ -22,7 +22,6 @@ import java.security.GeneralSecurityException;
 
 import javax.crypto.Cipher;
 
-import org.apache.wicket.util.lang.Args;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -40,30 +39,6 @@ public abstract class AbstractCrypt<T extends Serializable> implements ICrypt
 	/** Log. */
 	private static final Logger log = LoggerFactory.getLogger(AbstractCrypt.class);
 
-	/** Key used to de-/encrypt the data */
-	private final T encryptionKey;
-	
-	/**
-	 * Constructor
-	 * 
-	 * @param encryptionKey
-	 * 				the encryption key to use
-	 */
-	public AbstractCrypt(final T encryptionKey)
-	{
-		this.encryptionKey = Args.notNull(encryptionKey, "encryptionKey");
-	}
-	
-	/**
-	 * Get encryption private key
-	 * 
-	 * @return encryption private key
-	 */
-	public T getKey()
-	{
-		return encryptionKey;
-	}
-
 	/**
 	 * Crypts the given byte array
 	 * 

http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCrypt.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCrypt.java
index 7c14aa0..c9c9c8d 100644
--- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCrypt.java
+++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/NoCrypt.java
@@ -28,11 +28,6 @@ import java.security.GeneralSecurityException;
  */
 public class NoCrypt extends AbstractCrypt<String>
 {
-	public NoCrypt()
-	{
-		super("");
-	}
-
 	/**
 	 * Decrypts a string into a string.
 	 * 

http://git-wip-us.apache.org/repos/asf/wicket/blob/80bad259/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java
----------------------------------------------------------------------
diff --git a/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java b/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java
index 941ffe9..8fa4385 100644
--- a/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java
+++ b/wicket-util/src/main/java/org/apache/wicket/util/crypt/SunJceCrypt.java
@@ -58,6 +58,9 @@ public class SunJceCrypt extends AbstractCrypt<String>
 
 	/** The name of encryption method (cipher) */
 	private final String cryptMethod;
+	
+	/** Key used to de-/encrypt the data */
+	private final String encryptionPassword;	
 
 	/**
 	 * Constructor
@@ -80,12 +83,12 @@ public class SunJceCrypt extends AbstractCrypt<String>
 		this(cryptMethod, generateRandomKey());
 	}
 
-	public SunJceCrypt(String cryptMethod, String key)
+	public SunJceCrypt(String cryptMethod, String encryptionPassword)
 	{
-		super(key);
+		this.encryptionPassword = encryptionPassword;
 		this.cryptMethod = Args.notNull(cryptMethod, "Crypt method");
 		
-		checkChiperIsSupported(cryptMethod);
+		checkCipherIsSupported(cryptMethod);
 	}
 	
 	/**
@@ -94,7 +97,7 @@ public class SunJceCrypt extends AbstractCrypt<String>
 	 * @param cryptMethod
 	 * 				the name of encryption method (the cipher) 
 	 */
-	private void checkChiperIsSupported(String cryptMethod)
+	private void checkCipherIsSupported(String cryptMethod)
 	{
 		if (Security.getProviders("Cipher." + cryptMethod).length > 0)
 		{
@@ -192,8 +195,18 @@ public class SunJceCrypt extends AbstractCrypt<String>
 	 * 
 	 * @return the random string key
 	 */
-	protected static String generateRandomKey()
+	public static String generateRandomKey()
 	{
 		return UUID.randomUUID().toString();
 	}
+	
+	/**
+	 * Returns the secret key used by this Crypt
+	 * 
+	 * @return the secret key
+	 */
+	public String getKey()
+	{
+		return encryptionPassword;
+	}
 }