Uploaded image for project: 'Commons Crypto'
  1. Commons Crypto
  2. CRYPTO-81

improve factory api for constructing Random & Cipher

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • None
    • None
    • None

    Description

      currently, the client code to construct a CryptoRandom or CryptoCipher looks like this:

      // code snippet (a)
      Properties props = new Properties();
      props.setProperty(
           ConfigurationKeys.COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY,
                      OpensslCryptoRandom.class.getName());
      CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
      

      or using configuration file, it looks like :

      # config file
      secure.random.classes="org.apache.commons.crypto.random.OpensslCryptoRandom"
      
      // code snippet (b)
      {
          Properties props = loadMyApplicationConfig();
          // ...
      }
       
      {
          // bussiness logic ...
          CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
          // ...
          CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, props);
      }
      

      disadvantages:
      1. if client user just want use openssl engine, trivial stuff in code snippet (a). it looks annoying.
      2. Client user has to use the long long config key string such as "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY" or full name of classes
      Client user has to read source to learn how to config the properties.
      3. the implementation classes such as JavaCryptoRandom, OsCryptoRandom and JavaCryptoRandom are public.
      it would be hard to change library implementation in future.

      if we just use a enum (RandomProvider or CryptCipherProvider)

      // code snippet (c)
      // client code looks simple and elegant now:
      //RandomProvider.OS or RandomProvider.JAVA
      CryptoRandom random = CryptoRandomFactory.getCryptoRandom(RandomProvider.OPENSSL);
      

      still, client user can use configuration file

      # config file
      RandomProvider="OPENSSL"
      CryptCipherProvider="JCE"
      
      // code snippet 
      {
          Properties props = loadMyApplicationConfig();
          RandomProvider randProvider = RandomProvider.valueOf(props.getProperty(p1));
          CryptoProvider cryptoRrovider =RandomProvider.valueOf(props.getProperty(p1));
      }
      {
          // bussiness logic ...
          CryptoRandom random = CryptoRandomFactory.getCryptoRandom(randProvider);
          // ...
          CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, cryptoRrovider);
      }
      

      advantages:
      1. Simpler API. snippet (c) is simpler than snippet (a).
      2. Modern IDE will hint that CryptoRandomFactory.getCryptoRandom() need a enum type (RandomProvider). client user do NOT have to search the long key string such as "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY". Modern IDE will tell client user how to config
      3. we don't have to expose the implementation classes as public

      Attachments

        Issue Links

          Activity

            People

              kexianda Xianda Ke
              kexianda Xianda Ke
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: