commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xianda Ke (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CRYPTO-81) improve factory api for constructing Random & Cipher
Date Thu, 16 Jun 2016 15:12:05 GMT

    [ https://issues.apache.org/jira/browse/CRYPTO-81?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15333921#comment-15333921
] 

Xianda Ke edited comment on CRYPTO-81 at 6/16/16 3:11 PM:
----------------------------------------------------------

[~sebb@apache.org], agree with you. using System properties for configuration is not a good
idea

i prefer to use a enum parameter for the factory, with the type info, IDE will tell user how
to config when writing code.  we won't use Properties to construct Random or Cipher in the
library implementation. if client user want to change the provider at run time, himself can
decide how to do. 



was (Author: kexianda):
[~sebb@apache.org], agree with you. using System properties for configuration is not a good
idea

i prefer to use a enum parameter for the factory, with the type info, IDE will tell user how
to config.


> improve factory api for constructing Random & Cipher
> ----------------------------------------------------
>
>                 Key: CRYPTO-81
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-81
>             Project: Commons Crypto
>          Issue Type: Bug
>            Reporter: Xianda Ke
>            Assignee: Xianda Ke
>
> currently, the client code to construct a CryptoRandom or CryptoCipher looks like this:
> {code}
> // code snippet (a)
> Properties props = new Properties();
> props.setProperty(
>      ConfigurationKeys.COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY,
>                 OpensslCryptoRandom.class.getName());
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
> {code}
> or using configuration file, it looks like :
> {code}
> # config file
> secure.random.classes="org.apache.commons.crypto.random.OpensslCryptoRandom"
> {code}
> {code}
> // code snippet (b)
> {
>     Properties props = loadMyApplicationConfig();
>     // ...
> }
>  
> {
>     // bussiness logic ...
>     CryptoRandom random = CryptoRandomFactory.getCryptoRandom(props);
>     // ...
>     CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, props);
> }
> {code}
> disadvantages:
> 1. if client user just want use openssl engine,  trivial stuff in code snippet (a). it
looks annoying.
> 2. Client user has to use the long long config key string such as  "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY"
or full name of classes
>  Client user has to read source to  learn how to config the properties. 
> 3. the implementation classes such as JavaCryptoRandom,  OsCryptoRandom and JavaCryptoRandom
are public.
> it would be hard to change library implementation in future.
> if we just *use a enum (RandomProvider or CryptCipherProvider)*
> {code}
> // code snippet (c)
> // client code looks simple and elegant now:
> //RandomProvider.OS or RandomProvider.JAVA
> CryptoRandom random = CryptoRandomFactory.getCryptoRandom(RandomProvider.OPENSSL);
> {code}
> still, client user can use configuration file
> {code}
> # config file
> RandomProvider="OPENSSL"
> CryptCipherProvider="JCE"
> {code}
> {code}
> // code snippet 
> {
>     Properties props = loadMyApplicationConfig();
>     RandomProvider randProvider = RandomProvider.valueOf(props.getProperty(p1));
>     CryptoProvider cryptoRrovider =RandomProvider.valueOf(props.getProperty(p1));
> }
> {
>     // bussiness logic ...
>     CryptoRandom random = CryptoRandomFactory.getCryptoRandom(randProvider);
>     // ...
>     CryptoCipher cipher = CryptoCipherFactory.getInstance(transform, cryptoRrovider);
> }
> {code}
> advantages:
> 1. Simpler API.  snippet (c) is simpler than snippet (a).  
> 2. Modern IDE will hint that CryptoRandomFactory.getCryptoRandom()  need a enum type
(RandomProvider). client user do NOT have to search the long  key string such as "COMMONS_CRYPTO_SECURE_RANDOM_CLASSES_KEY".
Modern IDE will tell client user how to config
> 3. we don't have to expose the implementation classes as public



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message