authorGravatar Vitaly Takmazov2022-05-12 23:17:43 +0300
committerGravatar Vitaly Takmazov2022-05-12 23:17:43 +0300
commit72f3289f339ef3b8fe37be3740ff390d970f8e0e (patch)
tree4e3499cf0458c429ac511e962a6ee9a8e70d6674
parent31cb8c7526b96c6577badb203a336685a806b802 (diff)
Use Churchkey library to read PEM files and keys
-rw-r--r--pom.xml13
-rw-r--r--src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java20
-rw-r--r--src/test/java/com/juick/server/tests/ServerTests.java37
3 files changed, 18 insertions, 52 deletions
diff --git a/pom.xml b/pom.xml
index 422facbe..1a578285 100644
--- a/pom.xml
+++ b/pom.xml
@@ -183,6 +183,11 @@
<version>1.7</version>
</dependency>
<dependency>
+ <groupId>org.tomitribe</groupId>
+ <artifactId>churchkey</artifactId>
+ <version>0.14</version>
+ </dependency>
+ <dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.2</version>
@@ -251,12 +256,6 @@
<version>2.5.3</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.70</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<build>
<pluginManagement>
@@ -349,4 +348,4 @@
</dependencies>
</profile>
</profiles>
-</project>
+</project>
\ No newline at end of file
diff --git a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
index 10ac4c5a..2de9ea4a 100644
--- a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
+++ b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
@@ -20,19 +20,16 @@ package com.github.scribejava.apis;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
-import java.nio.charset.StandardCharsets;
-import java.security.Key;
-import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
-import java.security.spec.EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
-import java.util.Base64;
import java.util.Date;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
+
public class AppleClientSecretGenerator {
private final String subject;
private final String teamId;
@@ -49,14 +46,7 @@ public class AppleClientSecretGenerator {
this.teamId = teamId;
this.pemData = pemData;
- String p8encodedData = new String(getPemData(), StandardCharsets.UTF_8)
- .replace(
- "-----BEGIN PRIVATE KEY-----\n", "")
- .replace("\n", "")
- .replace("-----END PRIVATE KEY-----", "");
- KeyFactory kf = KeyFactory.getInstance("EC");
- EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(p8encodedData));
- signingKey = kf.generatePrivate(keySpec);
+ this.signingKey = Keys.decode(pemData);
}
public String getClientSecret() {
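Review bot: `Keys.decode(pemData)` on the added line accepts whatever key the bytes happen to contain, whereas the removed code only accepted a PKCS#8 EC private key through `KeyFactory.getInstance("EC")`. As far as I know churchkey auto-detects several encodings and both public and private keys, so a wrong key file would pass the constructor and fail only later, at `signWith(signingKey.getKey(), SignatureAlgorithm.ES256)` in the `getClientSecret()` hunk below. A check right after decoding keeps the failure at construction: `if (signingKey.getType() != Key.Type.PRIVATE || signingKey.getAlgorithm() != Key.Algorithm.EC) throw new InvalidKeySpecException("expected an EC private key");`. The constructor's signature and throws clause are outside the hunk, so confirm `InvalidKeySpecException` is still declared there.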
@@ -68,7 +58,7 @@ public class AppleClientSecretGenerator {
.setIssuedAt(Date.from(now))
.setSubject(subject)
.setExpiration(Date.from(ZonedDateTime.ofInstant(now, ZoneId.of("UTC")).plusMonths(1).toInstant()))
- .signWith(signingKey, SignatureAlgorithm.ES256)
+ .signWith(signingKey.getKey(), SignatureAlgorithm.ES256)
.compact();
}
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index e5b4562c..a23c0a6f 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -184,15 +184,6 @@ import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.text.StringEscapeUtils;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
@@ -235,6 +226,8 @@ import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Base64;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
@@ -2493,28 +2486,12 @@ public class ServerTests {
public void testAppleClientSecret()
throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, NoSuchProviderException {
String secret = new String(clientSecretGenerator.getClientSecret().getBytes(), StandardCharsets.UTF_8);
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
- pemConverter.setProvider("BC");
- final Reader pemReader = new InputStreamReader(new ByteArrayInputStream(clientSecretGenerator.getPemData()));
- final PEMParser parser = new PEMParser(pemReader);
- PrivateKey privateKey;
- Object pemObj = parser.readObject();
+ final Key key = Keys.decode(clientSecretGenerator.getPemData());
+
+ // Get the public key
+ final Key publicKey = key.getPublicKey();
- privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) pemObj);
-
- // Generate public key from private key
- KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
- ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
-
- ECPoint Q = ecSpec.getG().multiply(((ECPrivateKey) privateKey).getD());
- byte[] publicDerBytes = Q.getEncoded(false);
-
- ECPoint point = ecSpec.getCurve().decodePoint(publicDerBytes);
- ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec);
- ECPublicKey publicKeyGenerated = (ECPublicKey) keyFactory.generatePublic(pubSpec);
-
- Jws<Claims> jwt = Jwts.parserBuilder().setSigningKey(publicKeyGenerated).build().parseClaimsJws(secret);
+ Jws<Claims> jwt = Jwts.parserBuilder().setSigningKey(publicKey.getKey()).build().parseClaimsJws(secret);
assertThat(jwt.getHeader().get("kid"), is("keyid"));
assertThat(jwt.getHeader().get("alg"), is("ES256"));
Claims claims = jwt.getBody();
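Review bot: The rewritten test never pins what kind of key was decoded. Both `key` and `publicKey` come from churchkey, so the test shows the library is self-consistent but not that the fixture is the EC private key the ES256 signature needs. Adding `assertThat(key.getType(), is(Key.Type.PRIVATE));` and `assertThat(key.getAlgorithm(), is(Key.Algorithm.EC));` after `Keys.decode(...)` would state that expectation. The `throws` list on `testAppleClientSecret()` still names `NoSuchProviderException`, which looks like a leftover from the removed `KeyFactory.getInstance("ECDSA", "BC")` call and can probably be dropped. The method body continues past the end of the hunk.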