Comments (7)
IMO the project should be rewritten with a more clear public API, typehints and contracts.
See https://github.com/Maks3w/xmldsig/blob/master/src/Adapter/AdapterInterface.phpas an example of a facade API for this project.
Probably the project could have low level classes like now and additional classes for easy consumption of the diferent standards (like XMLDsig)
from xmlseclibs.
/cc @jaimeperez Because he already propose a change in the visibility for behavior customization. May he can suggest something about how he expects public API should be.
from xmlseclibs.
I am not considering adding more abstraction or changing interfaces for the sake of purity at the expense of performance. Will consider them on a case by case basis depending upon need/use of functionality. The library has been around for over 8 years and have yet had anyone inquire or express the need.
from xmlseclibs.
It is not for the sake of purity - I plan to replace the Mcrypt-Extension and implemented a PoC for replacing the Extensions via Strategy like discussed in #38 and #55. This is a nasty thing doing it without having Getters and Setters instead of private members.
from xmlseclibs.
Just for a POC still doesn't justify it. To replace mcrypt I am planning on just moving to leverage openssl which also will reduce dependancies. Still have never had a request nor heard a justifiable reason to support multiple crypto libs. I think the work to move from mcrypt to openssl would be much more useful imho.
from xmlseclibs.
Okay, let's keep this CR in Mind and implement it when it is needed. I appreciated that there should be a Strategy to implement several Crypto-Extensions in the future (like discussed in #38).
In my opinion it is necessary to switch to Getters and Setters in the future to get an clear API and making the Library better extensible.
from xmlseclibs.
Hi!
Looks like I missed this thread...
In any case, I don't think it's unreasonable to support multiple crypto libs. We can see already people willing to get rid of mcrypt
. We can just do that by using openssl
for everything, of course, but what about those willing to use phpseclib
? What about other legitimate use cases where neither mcrypt
nor openssl
(nor phpseclib
) are enough?
Let's have an example. One of the features that we've been requested during the past months was to support in SimpleSAMLphp the use of HSMs to sign metadata or SAML messages. We don't do XML signatures or encryption in SimpleSAMLphp, that's what we use XMLSecLibs for. Similarly, XMLSecLibs does not do crypto itself, it just uses other libraries to implement crypto inside XML, which is its main purpose. Neither mcrypt
nor openssl
offer any capabilities to interact with an HSM over the network via PKCS#11 over a REST interface. Since that would be the only deployment scenario many could consider, the lack of support for this in the crypto libraries and the impossibility to change the crypto libraries used by XMLSecLibs, locks us out and makes it subsequently impossible for us to implement such a request.
from xmlseclibs.
Related Issues (20)
- Set URI attribute with a fixed value HOT 4
- When Need To Set Attribute URI = '' HOT 1
- X509IssuerName wrong oid 2.5.4.97
- Suggestion: a developer friendly, secure API HOT 4
- Warning: Use of undefined constant MCRYPT_RIJNDAEL_128 - assumed 'MCRYPT_RIJNDAEL_128' (this will throw an Error in a future version of PHP) in C:\laragon\www\ft_bni_lkpd\config\app.php on line 83 HOT 3
- X509Certificate DUPLICATED
- can not verify signature from xmlseclibs with python signxml library - simplesaml compatibility issue
- Unsupported Signature HOT 4
- I have to digitally sign an XML document with the xmlseclibs library in Codeigniter4 HOT 2
- Signatures done with XMLSecurityDSig do not pass C# DOTNET validation
- Missing some docs on simply parsing and visualizing an XMLDSig
- Getting the "openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! in nextcloud server SAML auth. HOT 9
- openssl_verify() failure with PHP 8.1 (works with 7.4) HOT 15
- How to use XMLSecEnc to implement data encryption? HOT 1
- There is an invalid signature error HOT 2
- Reference validation failed after (minor!) PHP update from 8.2.7 to 8.2.8 HOT 8
- I am getting the error : signature failed validation - installation details may have been altered
- Signature Validation Failed using Java HOT 1
- Use of RSA Algorithm without OAEP HOT 2
- Uncaught Error: Undefined constant "RobRichards\XMLSecLibs\OPENSSL_PKCS1_PADDING" // Library not detecting openssl extension HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xmlseclibs.