You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Stanton Sievers <si...@gmail.com> on 2011/10/24 22:26:34 UTC
Re: Review Request: Create a KeyProvider to provide an encryption key to the SecurityToken workflow

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2362/
-----------------------------------------------------------

(Updated 2011-10-24 20:26:34.157165)


Review request for shindig, Ryan Baxter, Dan Dumont, and Jesse Ciancetta.


Changes
-------

Adding the dev list.  Pardon the large backlog of discussion.  I wanted to make sure this approach was sane before getting everyone involved.


Summary
-------

Currently, org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.loadContainers(ContainerConfig, Collection<String>, Map<String, BlobCrypter>, Map<String, String>) reads an encryption key from a keyfile to instantiate the BlobCrypter. The keyfile is defined in the container.js. An improvement to this behavior would be to provide an injectable KeyProvider class that can return the key. This would allow the key to reside anywhere instead of in a static keyfile. 

Initial review to Dan, Ryan, and Jesse.  Once we've decided that this seems like a rational approach, I'll add the dev list.

This patch depends on https://reviews.apache.org/r/2467/


This addresses bug SHINDIG-1636.
    https://issues.apache.org/jira/browse/SHINDIG-1636


Diffs
-----

  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BasicSecurityTokenCodec.java 1187375 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java 1187375 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/DefaultSecurityTokenCodec.java 1187375 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/KeyFileKeyProvider.java PRE-CREATION 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/KeyProvider.java PRE-CREATION 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java 1187375 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/DefaultSecurityTokenCodecTest.java 1187375 
  http://svn.apache.org/repos/asf/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/KeyFileKeyProviderTest.java PRE-CREATION 

Diff: https://reviews.apache.org/r/2362/diff


Testing
-------

Updated and ran existing JUnits.  
Created new JUnits for the new KeyFileKeyProvider.  
Performed manual functional tests with encrypted security tokens in the sample common container.


Thanks,

Stanton