Add support of SHA-256 algorithm in calculation of auth signatures #215
Conversation
| * @return hex-string representation of signature calculated based on provided parameters map and secret | ||
| */ | ||
| public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret) { | ||
| public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret, Signer algorithmType) { |
There was a problem hiding this comment.
We can't just add a parameter to a public method, we need to keep it backward compatible. To make it viable you should add an overload without the algorithm param, and delegates to this method with the default algorithm (SHA-1)
| public AuthToken authToken; | ||
| public boolean forceVersion = true; | ||
| public boolean longUrlSignature = DEFAULT_IS_LONG_SIGNATURE; | ||
| public Signer signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM; |
There was a problem hiding this comment.
This Signer class is a bit problematic - It's either a signer or a signing algorithm. It can't be both.
We need a SignatureAlgorithm enum. The Signer class itself is a bit unnecessary.
Whenever an algorithm is passed around or stored (e.g. in config) it needs to be the enum, not a signer class.
| import java.security.MessageDigest; | ||
| import java.security.NoSuchAlgorithmException; | ||
|
|
||
| public class Signer { |
There was a problem hiding this comment.
We don't need this class, as explained above. It tries to be both the data and the logic. There should just be an enum for the data. That enum can have a string value attached (in a format that MessageDigest recognizes).
An enum can also easily load from string - no need to write your own getByName()
And this class becomes a two-line method in utils (and it gets the signature algorithm enum as a parameter).
| } catch (NoSuchAlgorithmException e) { | ||
| throw new RuntimeException("Unexpected exception", e); | ||
| } | ||
| Signer signer = longUrlSignature ? Signer.SHA256 : config.signatureAlgorithm; |
There was a problem hiding this comment.
So again, this should be the algorithm enum, not a signer class. And then when it's used in line 396 below, just call the signing method sending it the algorithm.
2 participants
No description provided.