Hi Antonio, All,

following up the old discussion, I found some spare time to make a proposal and pasted it on Gist[1]; if it looks fine for you I'd be happy to track it on JIRA and continue the discussion/development there.

Main concerns I was focused on while making the proposal:

* simplify the RSA/HMAC usage for users not familiar with java.security APIs, introducing KeyFactory;

* reduce drastically the magic role of Strings in the RSA algorithms, I would avoid end users having to manipulate strings in order to obtain different RSA algorithms, but IMHO it has to be clear which algorithm they are going to use by simply instantiating classes;

* have classes well organised, collected in different packages depending on the signature method.

Any feedback would be much more than appreciated, many thanks in advance!
-Simo

[1] https://gist.github.com/simonetripodi/740ec4a8c1fdf06d5f3f

http://people.apache.org/~simonetripodi/
http://twitter.com/simonetripodi

On Fri, Apr 11, 2014 at 1:51 PM, Simone Tripodi <simonetrip...@apache.org> wrote:
> Hi Tonino,
>
> just a few considerations:
>
>> +public class JwsConstants {
>> +
>> + public static final String RS256 = "RS256";
>> +
>> + public static final String RS384 = "RS384";
>> +
>> + public static final String RS512 = "RS512";
>> +}
>
> I'd reduce this class constructor as 'private'
>
>>
>> Added:
>> oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
>
> I wouldn't add those classes to a generic 'impl' package, they refer to
> specific 'java.security' implementation, so I would suggest to:
>
> * having them implemented in a separate module/bundle
>
> * package name be renamed
>
> WDYT?
> Best,
> -Simo
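Review bot: in the quoted JwsConstants hunk, the class is declared as a plain `public class` that holds only the three `public static final String` fields, so it can still be instantiated and subclassed. Declaring it `public final class JwsConstants` with a private no-argument constructor would close that off. The three fields also have no Javadoc; a one-line comment on each, stating which signature algorithm the identifier selects, would make the intended use clear to callers who only see the constant name.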