You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Xianda Ke (JIRA)" <ji...@apache.org> on 2016/06/29 07:53:45 UTC
[jira] [Resolved] (CRYPTO-81) improve factory api for constructing
Random & Cipher
[ https://issues.apache.org/jira/browse/CRYPTO-81?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xianda Ke resolved CRYPTO-81.
-----------------------------
Resolution: Fixed
Since it is already fixed in CRYPTO-74, combined with some of the ideas in CRYPTO-81, so close this jira.
> improve factory api for constructing Random & Cipher
> ----------------------------------------------------
>
> Key: CRYPTO-81
> URL: https://issues.apache.org/jira/browse/CRYPTO-81
> Project: Commons Crypto
> Issue Type: Bug
> Reporter: Xianda Ke
> Assignee: Xianda Ke
>
> currently, the client code to construct a CryptoRandom or CryptoCipher looks like this:
> {code}
> // code snippet (a)
> Properties props = new Properties();
> props.setProperty(
> ConfigurationKeys.COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY,
> OpensslCryptoRandom.class.getName());
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
> {code}
> or using configuration file, it looks like :
> {code}
> # config file
> secure.random.classes="org.apache.commons.crypto.random.OpensslCryptoRandom"
> {code}
> {code}
> // code snippet (b)
> {
> Properties props = loadMyApplicationConfig();
> // ...
> }
>
> {
> // bussiness logic ...
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
> // ...
> CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, props);
> }
> {code}
> disadvantages:
> 1. if client user just want use openssl engine, trivial stuff in code snippet (a). it looks annoying.
> 2. Client user has to use the long long config key string such as "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY" or full name of classes
> Client user has to read source to learn how to config the properties.
> 3. the implementation classes such as JavaCryptoRandom, OsCryptoRandom and JavaCryptoRandom are public.
> it would be hard to change library implementation in future.
> if we just *use a enum (RandomProvider or CryptCipherProvider)*
> {code}
> // code snippet (c)
> // client code looks simple and elegant now:
> //RandomProvider.OS or RandomProvider.JAVA
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(RandomProvider.OPENSSL);
> {code}
> still, client user can use configuration file
> {code}
> # config file
> RandomProvider="OPENSSL"
> CryptCipherProvider="JCE"
> {code}
> {code}
> // code snippet
> {
> Properties props = loadMyApplicationConfig();
> RandomProvider randProvider = RandomProvider.valueOf(props.getProperty(p1));
> CryptoProvider cryptoRrovider =RandomProvider.valueOf(props.getProperty(p1));
> }
> {
> // bussiness logic ...
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(randProvider);
> // ...
> CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, cryptoRrovider);
> }
> {code}
> advantages:
> 1. Simpler API. snippet (c) is simpler than snippet (a).
> 2. Modern IDE will hint that CryptoRandomFactory.getCryptoRandom() need a enum type (RandomProvider). client user do NOT have to search the long key string such as "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY". Modern IDE will tell client user how to config
> 3. we don't have to expose the implementation classes as public
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)