Put Crypto Libraries Behind A Trait#75
Merged
njaremko merged 4 commits intonjaremko:masterfrom Oct 15, 2025
Merged
Conversation
Pulled the key crypto functions behind an interface so we can disable xmlsec without the same quantity of feature flags. This still doesn't fully compile with xmlsec disabled but tests still pass with it enabled.
Cleanup clippy lints and wrapped one more function that was found to be used for crypto
* Remove references to OpenSSL from core functions which means abstracting certs and private keys. * Moved URL signing to the url_verification module to avoid OpenSSL dependency in service provider. * Just URL Verifier now depends directly on primitives.
JamesWiresmith
force-pushed
the
crypto_refactor
branch
from
28ec4eb to
dd13e1c
Compare
Owner
|
Thanks for this @JamesMc86 I'll try to give you a review today or tomorrow. |
Owner
|
I dropped the ball on this, I'll review tonight 👍 |
Contributor
Author
|
Thanks! No worries, I know what it can be like |
Owner
|
Merged, thank you for your patience with me @JamesMc86 |
Contributor
Author
|
Fantastic thanks, I appreciate this was a big PR. Hopefully new ones will be more straightforward! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Apologies for the rather large drive-by PR but this should make maintenance easier going forward I hope.
Background
The driving factor behind this change is:
Concept
By putting the crypto functions behind an interface we are able to swap the backends out more easily. The xmlsec dependencies are all contained to the crypto module.
The feature flags set a public type which will point to the active crypto method. This removes having the xmlsec flags over all of the code and I think moves back to making xmlsec optional (but will throw errors if crypto functions are required).
Still To Do
I think this PR is complete but there is still more to do to complete the transformation that I need:
Let me know if that looks good. I'm going to need this capability at some point so it would be great to have it upstream.