Add support of SHA-256 algorithm in calculation of auth signatures #215
* @return hex-string representation of signature calculated based on provided parameters map and secret | ||
*/ | ||
public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret) { | ||
public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret, Signer algorithmType) { |
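Review bot: the Javadoc @return line above the changed produceSignature signature still describes the result as calculated from the "provided parameters map and secret" and says nothing about the algorithm, although the new signature takes algorithmType. Update the @return text to mention the algorithm, and add an @param entry for algorithmType if the part of the Javadoc not shown here lacks one.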
We can't just add a parameter to a public method, we need to keep it backward compatible. To make it viable you should add an overload without the algorithm param, which delegates to this method with the default algorithm (SHA-1).
public AuthToken authToken; | ||
public boolean forceVersion = true; | ||
public boolean longUrlSignature = DEFAULT_IS_LONG_SIGNATURE; | ||
public Signer signatureAlgorithm = DEFAULT_SIGNATURE_ALGORITHM; |
This Signer class is a bit problematic - It's either a signer or a signing algorithm. It can't be both.
We need a SignatureAlgorithm enum. The Signer class itself is a bit unnecessary.
Whenever an algorithm is passed around or stored (e.g. in config) it needs to be the enum, not a signer class.
import java.security.MessageDigest; | ||
import java.security.NoSuchAlgorithmException; | ||
|
||
public class Signer { |
We don't need this class, as explained above. It tries to be both the data and the logic. There should just be an enum for the data. That enum can have a string value attached (in a format that MessageDigest recognizes).
An enum can also easily load from string - no need to write your own getByName().
And this class becomes a two-line method in utils (and it gets the signature algorithm enum as a parameter).
} catch (NoSuchAlgorithmException e) { | ||
throw new RuntimeException("Unexpected exception", e); | ||
} | ||
Signer signer = longUrlSignature ? Signer.SHA256 : config.signatureAlgorithm; |
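Review bot: in the added line "Signer signer = longUrlSignature ? Signer.SHA256 : config.signatureAlgorithm;" the configured signatureAlgorithm is ignored whenever longUrlSignature is true, and nothing in the visible lines tells the reader that this override is intentional. If SHA-256 is mandatory for long URL signatures, state that in a comment here and in the documentation of both settings. Also confirm that the condition is meant to read a bare longUrlSignature while the fallback reads config.signatureAlgorithm.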
So again, this should be the algorithm enum, not a signer class. And then when it's used in line 396 below, just call the signing method sending it the algorithm.
No description provided.
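The design the review comments ask for, as an added sketch that is not code from this pull request or from the project: an algorithm enum that carries the MessageDigest name, a small hashing helper that takes the enum, and a two-argument produceSignature overload that delegates with the SHA-1 default. SignatureAlgorithm and produceSignature are names from the page; the class name SignatureSketch, the hash helper, the digestName field, the parameter serialization and the sample inputs are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;

public class SignatureSketch {
    // Data only: each constant carries the name MessageDigest.getInstance() expects.
    enum SignatureAlgorithm {
        SHA1("SHA-1"), SHA256("SHA-256");
        final String digestName;
        SignatureAlgorithm(String digestName) { this.digestName = digestName; }
    }

    // Logic only: the hashing helper (hypothetical name) takes the enum as a parameter.
    static byte[] hash(String input, SignatureAlgorithm algorithm) {
        try {
            return MessageDigest.getInstance(algorithm.digestName)
                    .digest(input.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unexpected exception", e);
        }
    }

    // The existing two-argument signature stays; it delegates with the SHA-1 default.
    public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret) {
        return produceSignature(paramsToSign, apiSecret, SignatureAlgorithm.SHA1);
    }

    public static String produceSignature(Map<String, Object> paramsToSign, String apiSecret,
                                          SignatureAlgorithm algorithm) {
        // Assumed serialization for this sketch: sorted key=value pairs joined by '&', secret appended.
        StringBuilder toSign = new StringBuilder();
        for (Map.Entry<String, Object> e : new TreeMap<>(paramsToSign).entrySet()) {
            if (toSign.length() > 0) toSign.append('&');
            toSign.append(e.getKey()).append('=').append(e.getValue());
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : hash(toSign + apiSecret, algorithm)) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    public static void main(String[] args) {
        Map<String, Object> params = Map.of("public_id", "sample", "timestamp", 1315060510); // constructed input
        // Loading from a config string needs no custom getByName(): valueOf() is built in.
        SignatureAlgorithm fromConfig = SignatureAlgorithm.valueOf("SHA256");
        System.out.println(produceSignature(params, "constructed-secret"));
        System.out.println(produceSignature(params, "constructed-secret", fromConfig));
    }
}
```

Existing callers of the two-argument method keep getting SHA-1 signatures unchanged, and an unrecognized config string fails at load time with the IllegalArgumentException that valueOf() throws rather than later during signing.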