You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Zhi Hong Yang <zh...@cn.ibm.com> on 2013/05/21 10:27:27 UTC
Review Request: configurable to support different SHA algorithm
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20879
-----------------------------------------------------------
Can you elaborate on how this effects OAuth? It looks like that it is effecting how we are encrypting the requests to the provider. If we change the encryption being used by Shindig but the provider isn't expecting it to be encrypted with anything other than Sha1 than won't the provider reject that request?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment43011>
This code is repeated in several locations, if you end up keeping it, we should create method that does it in one place.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
<https://reviews.apache.org/r/11299/#comment43012>
Would be good to put some Javadoc in this class
- Ryan Baxter
On May 21, 2013, 8:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 21, 2013, 8:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 81
> > <https://reviews.apache.org/r/11299/diff/2/?file=295180#file295180line81>
> >
> > Small style nit. Is there a reason the @Named annotation isn't simply being imported to avoid the fully qualified reference here?
>
> Zhi Hong Yang wrote:
> not quite understand it, can you give more explaination?
Stanton is basically saying you can just do @Named instead of specifying @com.google.inject.name.Named.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
>
> Ryan Baxter wrote:
> Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
>
> Zhi Hong Yang wrote:
> the setting is telling user what sha algorithms can be supported. and the first one is the sha algorithms in using.
Still dont understand the need for a list here is we only ever use the first one. Could someone elaborate?
- Ryan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On June 6, 2013, 2:41 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated June 6, 2013, 2:41 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
>
> Ryan Baxter wrote:
> Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
the setting is telling user what sha algorithms can be supported. and the first one is the sha algorithms in using.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 149
> > <https://reviews.apache.org/r/11299/diff/2/?file=295180#file295180line149>
> >
> > Most of the Shindig code base uses the Splitter.on() method to do this type of work.
Fixed
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 156
> > <https://reviews.apache.org/r/11299/diff/2/?file=295180#file295180line156>
> >
> > Can hmacType be annotated with @Nullable?
Fixed
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 178
> > <https://reviews.apache.org/r/11299/diff/2/?file=295180#file295180line178>
> >
> > Can hmacType be annotated with @Nullable?
Fixed
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java, line 35
> > <https://reviews.apache.org/r/11299/diff/2/?file=295183#file295183line35>
> >
> > This class seems to have a lot of duplication with DigestUtils, which it extends. Why can't this delegate to DigestUtils for the static methods instead of re-writing them?
private static byte[] digest(MessageDigest digest, InputStream data)in DigestUtils is invisible, so have to re-writing it.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 81
> > <https://reviews.apache.org/r/11299/diff/2/?file=295180#file295180line81>
> >
> > Small style nit. Is there a reason the @Named annotation isn't simply being imported to avoid the fully qualified reference here?
not quite understand it, can you give more explaination?
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java, line 52
> > <https://reviews.apache.org/r/11299/diff/2/?file=295181#file295181line52>
> >
> > Is this public only to support testing?
Fixed
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java, line 77
> > <https://reviews.apache.org/r/11299/diff/2/?file=295181#file295181line77>
> >
> > Is this public only to support testing?
Fixed
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java, line 26
> > <https://reviews.apache.org/r/11299/diff/2/?file=295184#file295184line26>
> >
> > Small nits on whitespace in this file
fixed
- Zhi Hong
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On June 6, 2013, 2:41 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated June 6, 2013, 2:41 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Rich Thompson <ri...@us.ibm.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
>
> Ryan Baxter wrote:
> Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
>
> Zhi Hong Yang wrote:
> the setting is telling user what sha algorithms can be supported. and the first one is the sha algorithms in using.
>
> Ryan Baxter wrote:
> Still dont understand the need for a list here is we only ever use the first one. Could someone elaborate?
>
> Zhi Hong Yang wrote:
> Since the list is no use for now and may confuse the user, I agree just just the value instead list, All agreee?
It would be fine for this to drop from a list to a singular value (all that is need for the internal use cases updated by this patch), but I still think there is significant value in providing automatic matching when dealing with external services (such as OAuth) rather than depending on an administrator entry of the overlap in what is supported on both the local deployment and the remote system and that dropping to a singular value is removing the foundation for that work (i.e. would have to be added back later).
- Rich
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On July 18, 2013, 5:41 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 5:41 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
- Ryan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On May 29, 2013, 7:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 29, 2013, 7:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Dan Dumont <dd...@us.ibm.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
- Dan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On May 29, 2013, 7:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 29, 2013, 7:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
>
> Ryan Baxter wrote:
> Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
>
> Zhi Hong Yang wrote:
> the setting is telling user what sha algorithms can be supported. and the first one is the sha algorithms in using.
>
> Ryan Baxter wrote:
> Still dont understand the need for a list here is we only ever use the first one. Could someone elaborate?
Since the list is no use for now and may confuse the user, I agree just just the value instead list, All agreee?
- Zhi Hong
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On June 6, 2013, 2:41 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated June 6, 2013, 2:41 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Rich Thompson <ri...@us.ibm.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
- Rich
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On May 29, 2013, 7:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 29, 2013, 7:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
> On May 22, 2013, 12:55 a.m., Stanton Sievers wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties, lines 228-229
> > <https://reviews.apache.org/r/11299/diff/2/?file=295178#file295178line228>
> >
> > It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
>
> Dan Dumont wrote:
> I agree. If this is a List, then it should keep trying to find a supported algorithm until the list is exhausted. Otherwise, I think the property would be better defined as a single value.
>
> Rich Thompson wrote:
> The choice of list was driven by the need to enhance the OAuth support. The OAuth spec says the the Provider specifies in its metadata what algorithms (ordered list) are supported, but my quick read said that Shindig just ignored this and always used SHA-1. This needs to be enhanced (separate effort, not currently planned) to determine the first preferred consumer algorithm that is in the Provider list. One reason not to push this too hard now is the lack of complaints about the behavior ... pretty clear all Providers people have tried support SHA-1.
>
> Ryan Baxter wrote:
> Rich the algorithm used is specified in the oauth.json file in shindig. I know SmartCloud only supports plain text, I ran into that a while ago.
>
> Zhi Hong Yang wrote:
> the setting is telling user what sha algorithms can be supported. and the first one is the sha algorithms in using.
>
> Ryan Baxter wrote:
> Still dont understand the need for a list here is we only ever use the first one. Could someone elaborate?
>
> Zhi Hong Yang wrote:
> Since the list is no use for now and may confuse the user, I agree just just the value instead list, All agreee?
>
> Rich Thompson wrote:
> It would be fine for this to drop from a list to a singular value (all that is need for the internal use cases updated by this patch), but I still think there is significant value in providing automatic matching when dealing with external services (such as OAuth) rather than depending on an administrator entry of the overlap in what is supported on both the local deployment and the remote system and that dropping to a singular value is removing the foundation for that work (i.e. would have to be added back later).
Lets drop it, we don't have support for automatic detection of encryption algorithms so it is very confusing why it is there.
- Ryan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Stanton Sievers <si...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review20878
-----------------------------------------------------------
In general I'd like to see some tests using the other supported HMAC types instead of only testing SHA-1.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties
<https://reviews.apache.org/r/11299/#comment43010>
It is not clear to me why these are lists. The code that reads these seems to always take the first item in the list. Is there a reason to make this a comma-separated field?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment43003>
Small style nit. Is there a reason the @Named annotation isn't simply being imported to avoid the fully qualified reference here?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment42998>
I believe there is a @Nullable annotation that would be good to use on hmacType in this situation
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment42999>
This is a common pattern between the two constructors. Can this code be shared?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment43000>
Most of the Shindig code base uses the Splitter.on() method to do this type of work.
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment43001>
Can hmacType be annotated with @Nullable?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment43002>
Can hmacType be annotated with @Nullable?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
<https://reviews.apache.org/r/11299/#comment43007>
Is this public only to support testing?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
<https://reviews.apache.org/r/11299/#comment43008>
Is this public only to support testing?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
<https://reviews.apache.org/r/11299/#comment43009>
This class seems to have a lot of duplication with DigestUtils, which it extends. Why can't this delegate to DigestUtils for the static methods instead of re-writing them?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
<https://reviews.apache.org/r/11299/#comment43004>
Small style nit. Is there a reason the @Named annotation isn't simply being imported to avoid the fully qualified reference here?
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
<https://reviews.apache.org/r/11299/#comment43005>
Small nits on whitespace in this file
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java
<https://reviews.apache.org/r/11299/#comment43006>
Can you explain why you are setting this? Shouldn't test tearDown be setting this back to the default? Otherwise will this cascade between tests?
- Stanton Sievers
On May 21, 2013, 8:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 21, 2013, 8:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/conf/shindig.properties 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Dan Dumont <dd...@us.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review21271
-----------------------------------------------------------
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment44146>
Values here do not have whitespaces trimmed. So if the list has a space following a comma, the wrong value will be used to check for supported alg. That is, assuming you want this to work on lists (which it really doesn't at the moment.)
You should still probably trim the Strings in the List.
- Dan Dumont
On May 29, 2013, 7:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 29, 2013, 7:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request: configurable to support different SHA algorithm
Posted by Henry Saputra <hs...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review21281
-----------------------------------------------------------
Any JIRA opened for these proposed changes?
- Henry Saputra
On May 29, 2013, 7:27 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated May 29, 2013, 7:27 a.m.)
>
>
> Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
>
>
> Description
> -------
>
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
>
> this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
>
> this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
> On July 18, 2013, 9:16 p.m., Ryan Baxter wrote:
> > Can you add a JIRA to the review?
Here is the JIRA Link, please help to check it's ok? thanks.
https://issues.apache.org/jira/browse/SHINDIG-1921
- Zhi Hong
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review23441
-----------------------------------------------------------
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review23441
-----------------------------------------------------------
Can you add a JIRA to the review?
- Ryan Baxter
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
> On Aug. 7, 2013, 2:39 p.m., Ryan Baxter wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java, line 553
> > <https://reviews.apache.org/r/11299/diff/6/?file=338121#file338121line553>
> >
> > I think this is a bug and should always use SHA1 when hashing the body. If you look at the spec for the oauth_body_hash extension [1] it calls out that SHA1 MUST be used when the signature type is HMAC-SHA1 or RSA-SHA1. The only time the signature will not be one of those is if the signature type is plain text in which case addBodyHash would be false and we wouldn't add the parameter.
> > [1] http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
Agree, fix it.
- Zhi Hong
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24802
-----------------------------------------------------------
On Aug. 8, 2013, 6:38 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2013, 6:38 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithm = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24802
-----------------------------------------------------------
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
<https://reviews.apache.org/r/11299/#comment48910>
I think this is a bug and should always use SHA1 when hashing the body. If you look at the spec for the oauth_body_hash extension [1] it calls out that SHA1 MUST be used when the signature type is HMAC-SHA1 or RSA-SHA1. The only time the signature will not be one of those is if the signature type is plain text in which case addBodyHash would be false and we wouldn't add the parameter.
[1] http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html
- Ryan Baxter
On Aug. 7, 2013, 3:26 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2013, 3:26 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithm = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24889
-----------------------------------------------------------
Ship it!
Ship It!
- Ryan Baxter
On Aug. 8, 2013, 6:38 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2013, 6:38 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithm = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Stanton Sievers <si...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24892
-----------------------------------------------------------
Ship it!
Good catch!
- Stanton Sievers
On Aug. 8, 2013, 6:38 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2013, 6:38 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithm = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review25228
-----------------------------------------------------------
Committed revision 1514559
Please close the review
- Ryan Baxter
On Aug. 16, 2013, 12:26 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 16, 2013, 12:26 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Bugs: SHINDIG-1921
> https://issues.apache.org/jira/browse/SHINDIG-1921
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithm = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> JIRA:
> https://issues.apache.org/jira/browse/SHINDIG-1921
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated Aug. 16, 2013, 12:26 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Bugs: SHINDIG-1921
https://issues.apache.org/jira/browse/SHINDIG-1921
Repository: shindig
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithm = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
JIRA:
https://issues.apache.org/jira/browse/SHINDIG-1921
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated Aug. 15, 2013, 2:29 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description (updated)
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithm = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
JIRA:
https://issues.apache.org/jira/browse/SHINDIG-1921
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated Aug. 8, 2013, 6:38 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithm = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated Aug. 7, 2013, 3:26 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description (updated)
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithm = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithm = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated Aug. 7, 2013, 3:25 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Dan Dumont <dd...@us.ibm.com>.
> On Aug. 7, 2013, 2:17 a.m., Dan Dumont wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java, line 81
> > <https://reviews.apache.org/r/11299/diff/5/?file=323040#file323040line81>
> >
> > This method is plural even though the config is currently meant to hold 1 value.
Other than that, LGTM
- Dan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24735
-----------------------------------------------------------
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Dan Dumont <dd...@us.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24735
-----------------------------------------------------------
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
<https://reviews.apache.org/r/11299/#comment48844>
This method is plural even though the config is currently meant to hold 1 value.
- Dan Dumont
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Stanton Sievers <si...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24717
-----------------------------------------------------------
Ship it!
Ship It!
- Stanton Sievers
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
> On Aug. 1, 2013, 2:46 p.m., Ryan Baxter wrote:
> > http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java, line 553
> > <https://reviews.apache.org/r/11299/diff/5/?file=323051#file323051line553>
> >
> > Where does this hash get sent to? The OAuth provider?
>From the code:
String b64 = CharsetUtil.newUtf8String(Base64.encodeBase64(hash));
params.add(new Parameter(OAuthConstants.OAUTH_BODY_HASH, b64));
it will be sent out in oauth request, this is not related with this fix. The fix is just change the digest implmenation, the previous is just using sha to digest, my fix is using a customzied SHA implmenation(user's setting).
- Zhi Hong
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24441
-----------------------------------------------------------
On Aug. 7, 2013, 3:25 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2013, 3:25 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Ryan Baxter <rb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/#review24441
-----------------------------------------------------------
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java
<https://reviews.apache.org/r/11299/#comment48365>
Where does this hash get sent to? The OAuth provider?
- Ryan Baxter
On July 18, 2013, 11:04 a.m., Zhi Hong Yang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/11299/
> -----------------------------------------------------------
>
> (Updated July 18, 2013, 11:04 a.m.)
>
>
> Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
>
>
> Repository: shindig
>
>
> Description
> -------
>
> the following setting are added to support different algorithms:
>
> 1) shindig.crypo.preferredHashAlgorithms = SHA
>
> this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
>
> 2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
>
> this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
>
>
> Diffs
> -----
>
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
> http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
>
> Diff: https://reviews.apache.org/r/11299/diff/
>
>
> Testing
> -------
>
> Done.
>
>
> Thanks,
>
> Zhi Hong Yang
>
>
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated July 18, 2013, 11:04 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description (updated)
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA
this setting is used to set string hash algorithm, SHA, SHA-256, SHA-384, SHA-512 is supported
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1
this setting is used to set string encrypt/decrypt algorithm, HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512 is supported
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request 11299: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated July 18, 2013, 5:41 a.m.)
Review request for shindig, Dan Dumont, Ryan Baxter, Rich Thompson, and Stanton Sievers.
Repository: shindig
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1503103
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1503103
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated June 6, 2013, 2:41 a.m.)
Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang
Re: Review Request: configurable to support different SHA algorithm
Posted by Zhi Hong Yang <zh...@cn.ibm.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11299/
-----------------------------------------------------------
(Updated May 29, 2013, 7:27 a.m.)
Review request for shindig, Ryan Baxter, Dan Dumont, Stanton Sievers, and Rich Thompson.
Description
-------
the following setting are added to support different algorithms:
1) shindig.crypo.preferredHashAlgorithms = SHA, SHA-256, SHA-384, SHA-512
this setting is used to set string hash algorithm, all supported hash Algorithms is listed and the first one is supported by default.
2) shindig.crypo.preferredHMACAlgorithms = HMACSHA1,HMACSHA256,HMACSHA384,HMACSHA512
this setting is used to set string encrypt/decrypt algorithm, all supported HMA SHA algorithms is listed and the first one is supported by default
Diffs (updated)
-----
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java PRE-CREATION
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java 1484375
http://svn.apache.org/repos/asf/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java 1484375
Diff: https://reviews.apache.org/r/11299/diff/
Testing
-------
Done.
Thanks,
Zhi Hong Yang