[names] Remove PHP serialization and hashing for Web service cache

re1 / jacq-javaee

https://development.senegate.at/confluence/display/JACQ

0 stars 0 forks source link

[names] Remove PHP serialization and hashing for Web service cache #18

Open re1 opened 4 years ago

re1 commented 4 years ago

The Web service cache is as implemented from #15 is currently using PHP string serialization and SHA1 hashing for using hexadecimal strings in order to query cached responses from the currently active OpenUp! project.

This serialization and hashing is to be either removed or improved for language independent use.

re1 commented 4 years ago

Here is an example of how queries are currently hashed:

id	query	service_id
32556232	0000043260928acf7cfacb39a6e2c23d88b3280a	2
41756652	0000043260928acf7cfacb39a6e2c23d88b3280a	2
48036015	0000043260928acf7cfacb39a6e2c23d88b3280a	2
59794586	0000043260928acf7cfacb39a6e2c23d88b3280a	2
62229379	0000043260928acf7cfacb39a6e2c23d88b3280a	2
182203	000004611db1b89d7923ca802b6915ef3d563efc	2
3973722	000004611db1b89d7923ca802b6915ef3d563efc	2
6701528	000004611db1b89d7923ca802b6915ef3d563efc	2
11822393	000004611db1b89d7923ca802b6915ef3d563efc	2
41297069	000004611db1b89d7923ca802b6915ef3d563efc	2

re1 commented 4 years ago

In PHP the hashing happens as follows

sha1(serialize("Taraxacum officinale"))

The Java equivalent for this is

String s = Pherialize.serialize("Taraxacum officinale");

try {
    // create MD5 Hash
    MessageDigest digest = MessageDigest.getInstance("SHA-1");
    digest.update(s.getBytes());
    // create Hex String for comparision with existing PHP SHA1 hashes
    StringBuilder hexString = new StringBuilder();
    for (byte b : digest.digest()) hexString.append(String.format("%02X", 0xFF & b));
    // existing query hashes are also in lower case
    s = hexString.toString().toLowerCase();
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}

where Pherialize is only used to (de-)serialize Strings as in PHP.

re1 commented 3 years ago

Web service responses are also currently serialized as in PHP and not in plain text. In order to fully remove the need for PHP (de-)serialization the existing OpenUp! Web service cache table has to be adjusted.

re1 commented 3 years ago

PHP (de-)serialization for results could temporarily be moved to the TblWebserviceCache class in order to improve readability and avoid unintentional use of (de-)serialized response strings.