fernet-java8 icon indicating copy to clipboard operation
fernet-java8 copied to clipboard

Published 20 hours ago verified publisher icon l0s

Object to encapsulate token creation parameters

Open l0s opened this issue 8 years ago • 2 comments

Consider creating an object for generating Fernet tokens that encapsulates the entropy source ( Random ) and time source ( Clock ). This would function similar to the way Validator works for validation and decryption.

Narrative

As a software engineer I would like to control the entropy source and time source for generated tokens So that I achieve consistency between components in the system.

l0s avatar Sep 25 '17 00:09 l0s

I'm considering making Generator type-aware so it can abstract POJO serialisation.

l0s avatar Oct 09 '17 23:10 l0s

Draft #172 includes a proposal for a builder and a factory as well as examples. There is no reason they couldn't both be used.

Factory Usage:

Token token = factory.generateToken( pojo ); // type-aware

Factory Creation (simple):

TokenFactory factory = new TokenFactory( convertPojo, () -> key );

Factory Creation (complex):

TokenFactory factory = new TokenFactory( clock, entropySource, convertPojo, getPrimaryKey )

Builder Usage:

Token token = builder.build( id ); // only supports strings and byte arrays

Builder Creation (simple):

TokenBuilder builder = new TokenBuilder().withKey( key );

Builder Creation (complex):

TokenBuilder builder = new TokenBuilder().withClock( clock ).withEntropySource( entropySource ).withKeySupplier( getPrimaryKey );

l0s avatar Jul 24 '19 14:07 l0s