You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by David Karlsen <da...@gmail.com> on 2019/04/01 10:06:56 UTC
Re: http sig implementation
Now as there is property support:
PrivateKey privateKey = KeyManagementUtils.loadPrivateKey(m, props);
There is probably no need for the PrivateKeyProvider interface? (and maybe
no longer the public one either?)
fre. 29. mar. 2019 kl. 13:09 skrev Colm O hEigeartaigh <coheigea@apache.org
>:
> Hi David,
>
> Also - should there be a PrivateKeyProvider:
> > PrivateKey getKey(String keyId);
> >
>
> +1. Please submit a PR.
>
>
> >
> > >
> >
> https://github.com/apache/cxf/tree/master/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters
> > > There are no ClientRequestInterceptor to do the digest which is crucial
> > to
> > > the security protocol:
> > > https://tools.ietf.org/html/draft-cavage-http-signatures-10
> > >
> > > Maybe that should be added as a WriterInterceptor (e.g. quite late in
> the
> > > chain) - as one of the required headers is the Date header?
> > >
> > > Also - should digest + sign maybe be in one filter - as they go
> together
> > > to implement the spec?
> >
>
> Yeah I was leaving the digest part until after I did an initial cleanup of
> the filters, and supported configuration via properties. I'll look at this
> next, although feel free to work on it if you'd prefer.
>
>
> > >
> > > Can the interceptors and filters be made non-final -
> >
>
> Done.
>
> Colm.
>
> >
> > > --
> > > --
> > > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> > >
> >
> >
> > --
> > --
> > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
--
David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
Re: http sig implementation
Posted by David Karlsen <da...@gmail.com>.
I have a few PRs in now if you could comment on them.
Are you available on any chat so that I don't spam the mailinglist and can
have an easier request /response?
Den man. 1. apr. 2019, 12:33 skrev Colm O hEigeartaigh <coheigea@apache.org
>:
> Well the property is just for loading from a keystore. It's really just a
> convenience so that a user using keystores doesn't have to be implementing
> interfaces.
>
> So I think having separate interfaces to load public / private keys as well
> is a good idea, as it allows users the freedom to store their keys where
> they want.
>
> Colm.
>
> On Mon, Apr 1, 2019 at 11:07 AM David Karlsen <da...@gmail.com>
> wrote:
>
> > Now as there is property support:
> >
> > PrivateKey privateKey = KeyManagementUtils.loadPrivateKey(m, props);
> >
> > There is probably no need for the PrivateKeyProvider interface? (and
> maybe
> > no longer the public one either?)
> >
> > fre. 29. mar. 2019 kl. 13:09 skrev Colm O hEigeartaigh <
> > coheigea@apache.org
> > >:
> >
> > > Hi David,
> > >
> > > Also - should there be a PrivateKeyProvider:
> > > > PrivateKey getKey(String keyId);
> > > >
> > >
> > > +1. Please submit a PR.
> > >
> > >
> > > >
> > > > >
> > > >
> > >
> >
> https://github.com/apache/cxf/tree/master/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters
> > > > > There are no ClientRequestInterceptor to do the digest which is
> > crucial
> > > > to
> > > > > the security protocol:
> > > > > https://tools.ietf.org/html/draft-cavage-http-signatures-10
> > > > >
> > > > > Maybe that should be added as a WriterInterceptor (e.g. quite late
> in
> > > the
> > > > > chain) - as one of the required headers is the Date header?
> > > > >
> > > > > Also - should digest + sign maybe be in one filter - as they go
> > > together
> > > > > to implement the spec?
> > > >
> > >
> > > Yeah I was leaving the digest part until after I did an initial cleanup
> > of
> > > the filters, and supported configuration via properties. I'll look at
> > this
> > > next, although feel free to work on it if you'd prefer.
> > >
> > >
> > > > >
> > > > > Can the interceptors and filters be made non-final -
> > > >
> > >
> > > Done.
> > >
> > > Colm.
> > >
> > > >
> > > > > --
> > > > > --
> > > > > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> > > > >
> > > >
> > > >
> > > > --
> > > > --
> > > > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> > > >
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
> >
> > --
> > --
> > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: http sig implementation
Posted by Colm O hEigeartaigh <co...@apache.org>.
Well the property is just for loading from a keystore. It's really just a
convenience so that a user using keystores doesn't have to be implementing
interfaces.
So I think having separate interfaces to load public / private keys as well
is a good idea, as it allows users the freedom to store their keys where
they want.
Colm.
On Mon, Apr 1, 2019 at 11:07 AM David Karlsen <da...@gmail.com>
wrote:
> Now as there is property support:
>
> PrivateKey privateKey = KeyManagementUtils.loadPrivateKey(m, props);
>
> There is probably no need for the PrivateKeyProvider interface? (and maybe
> no longer the public one either?)
>
> fre. 29. mar. 2019 kl. 13:09 skrev Colm O hEigeartaigh <
> coheigea@apache.org
> >:
>
> > Hi David,
> >
> > Also - should there be a PrivateKeyProvider:
> > > PrivateKey getKey(String keyId);
> > >
> >
> > +1. Please submit a PR.
> >
> >
> > >
> > > >
> > >
> >
> https://github.com/apache/cxf/tree/master/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/filters
> > > > There are no ClientRequestInterceptor to do the digest which is
> crucial
> > > to
> > > > the security protocol:
> > > > https://tools.ietf.org/html/draft-cavage-http-signatures-10
> > > >
> > > > Maybe that should be added as a WriterInterceptor (e.g. quite late in
> > the
> > > > chain) - as one of the required headers is the Date header?
> > > >
> > > > Also - should digest + sign maybe be in one filter - as they go
> > together
> > > > to implement the spec?
> > >
> >
> > Yeah I was leaving the digest part until after I did an initial cleanup
> of
> > the filters, and supported configuration via properties. I'll look at
> this
> > next, although feel free to work on it if you'd prefer.
> >
> >
> > > >
> > > > Can the interceptors and filters be made non-final -
> > >
> >
> > Done.
> >
> > Colm.
> >
> > >
> > > > --
> > > > --
> > > > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> > > >
> > >
> > >
> > > --
> > > --
> > > David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
> --
> --
> David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com