java-http-signature-4.0.3

Added

• The key fingerprint is now internally calculated instead of using a
  user supplied String.
• Utility methods for calculating MD5 fingerprints, calculating
  SHA256 fingerprints, and verifying OpenSSH's string format have
  been added.

Changed

• Methods that took an explicit fingerprint String now ignore it in
  favor of the internally calculated one. These methods have been
  deprecated and will be removed in a future version.

java-http-signature-4.0.2

Changed

• Bouncy Castle dependency was upgraded.

java-http-signature-4.0.1

Added

• HTTP signature caching with Apache HTTP Client module - signatures
  with the same date time value are now cached and signature
  generation is skipped. This is useful for high-traffic connections
  to Manta.
• Added support for libnss to do ECDSA signing via the PKCS11 interface.

java-http-signature-4.0.0

Added

• DSA and ECDSA keys (and signing) are now supported. No changes are
  needed at this time if only RSA keys are used. See below for
  related API changes and deprecations.
• Multiple hash algorithms (besides SHA256) are now supported.
  Because signing is almost always more expensive than hashing,
  changing from the default hashing algorithm is unlikely to yield a
  significant performance benefit.
• A new microbench module contains micro-benchmarks to aid in the
  development of this library. They are not a stable public
  contract.

Changed

• The minimum Java version is now 1.8.
• To support multiple key types, a builder pattern is now the
  preferred way to instantiate Signer and ThreadLocalSigner. See
  Signer.Builder for more details. Given a key, the builder can
  select the appropriate signing algorithm. The old constructors are
  now deprecated and will be removed in a future release.
• Several public fields and methods of Signer that exposed internal
  details have been removed. That is the breaking change of this
  release.
• Since a Signer now needs a KeyPair to be instantiated, the
  various "get me a key" methods are moved to KeyPairLoader. The
  old methods are now deprecated and will be removed in a future
  release.
• Previously it was easy to end up with multiple ThreadLocalSigner
  instances. This was mostly harmless (except for resources cleanup)
  when everything was hard coded to be SHA256withRSA, but quickly
  leads to errors when the signers have different configuration. It
  is now best to create a single ThreadLocalSigner per key (ie
  usually just one) and pass that downstream. Several classes in
  apache-http-client and google-http-client have changed to
  encourage this. Methods that implicitly created an unconfigured
  ThreadLocalSigner are now deprecated and will be removed in a
  future release.

java-http-signature-3.0.2

Added

• We now use JCE specified message digests for calculating checksums.
  This allows for plugging native checksum algorithms.
• We now append total signing time as an HTTP header.

Changed

• Added MPLv2 headers to all of the source files.
• Upgraded checkstyle version and added header check.

java-http-signature-3.0.1

Changed

• Used additional methods available from jnagmp to accelerate
  signature generation.

java-http-signature-3.0.0

Changed

• Deprecated com.joyent.http.signature.google.httpclient.RequestHttpSigner.signURI.
  This method is now being provided directly in the Manta SDK.
• Upgraded to jnagmp 2.0.0.

  Added

• Added HttpSignatureRequestInterceptor as an addition method to perform authentication with Apache HTTP Client.

java-http-signature-2.2.2

Fixed

• Fixed locales aren't hardcoded to English

java-http-signature-2.2.1

Changed

• Upgraded Apache HTTP Client.
• Upgraded Google HTTP Client.

java-http-signature-2.2.0

Changed

• Changed license from MIT to the MPL v2.
• Fixed #12 - Removed request id generation from Apache HTTP client helper
  because it best belongs in the consumer of the library.
• Fixed #12 - Removed request id generation from Google HTTP client helper
  because it best belongs in the consumer of the library.