> +
> + return res;
> + }
> +
> + private static KeyPair getKeyPair(String keyPath) throws IOException {
> + BufferedReader br =
> + new BufferedReader(new
> InputStreamReader(JoyentBlobRequestSigner.class.getResourceAsStream(keyPath)));
> +
> + Security.addProvider(new BouncyCastleProvider());
> + PEMReader pemReader = new PEMReader(br);
> + try {
> + return (KeyPair) pemReader.readObject();
> + } finally {
> + pemReader.close();
> + }
> + }
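Review bot: `getResourceAsStream(keyPath)` in `getKeyPair` returns null when the resource is not on the classpath, so a wrong key path fails with a NullPointerException from the `InputStreamReader` constructor rather than an error naming the missing key. Check the stream for null and throw an `IOException` that includes `keyPath`. Two smaller points in the same method: `Security.addProvider(new BouncyCastleProvider())` runs on every call and changes the JVM-wide provider list as a side effect of reading a key, and the unchecked cast `(KeyPair) pemReader.readObject()` throws a ClassCastException if the PEM holds anything other than a key pair, so an `instanceof` check with a descriptive error would be safer.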
Here you are using Bouncycastle to read the private key that is being used to
sign the requests. Could you refactor the code to use the jclouds utilities, so
we can remove the bouncycastle dependency? A good approach could be to
configure a `PrivateKey` supplier in the Joyent guice module and use that
supplier in the constructor to get the PrivateKey. Something like:
```java
@Memoized
@Provides
@Singleton
public Supplier<PrivateKey> supplyKey(@Named(JOYENT_CERT_CLASSPATH) final String certClasspath,
      final Crypto crypto) {
   // Parameters are final so the anonymous Supplier can capture them.
   // Memoize so the PEM is read and parsed only once.
   return Suppliers.memoize(new Supplier<PrivateKey>() {
      @Override
      public PrivateKey get() {
         try {
            InputSupplier<InputStream> pk = Resources.newInputStreamSupplier(
                  Resources.getResource(certClasspath));
            return crypto.rsaKeyFactory().generatePrivate(Pems.privateKeySpec(pk));
         } catch (InvalidKeySpecException e) {
            throw Throwables.propagate(e);
         } catch (IOException e) {
            throw Throwables.propagate(e);
         }
      }
   });
}
```
And then use that supplier in the constructor to load the private key:
```java
private final PrivateKey privateKey;

@Inject
public JoyentBlobRequestSigner(@org.jclouds.location.Provider Supplier<Credentials> creds,
      @Memoized Supplier<PrivateKey> privateKeySupplier,
      @Named(JoyentConstants.JOYENT_CERT_FINGERPRINT) String fingerPrint) throws IOException {
   ...
   privateKey = privateKeySupplier.get();
   ...
}
```
You should be able to load the private key using the jclouds crypto utilities
and remove the bouncycastle dependency.
This way you can also reuse the private key supplier wherever you need it, and
you'll also have the private key cached so it is loaded only once (you can add
a Suppliers.synchronize to the supplier configuration if you want to make it
thread safe).
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/30/files#r7241472