aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pom.xml13
-rw-r--r--src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java20
-rw-r--r--src/test/java/com/juick/server/tests/ServerTests.java37
3 files changed, 18 insertions, 52 deletions
diff --git a/pom.xml b/pom.xml
index 422facbe..1a578285 100644
--- a/pom.xml
+++ b/pom.xml
@@ -183,6 +183,11 @@
<version>1.7</version>
</dependency>
<dependency>
+ <groupId>org.tomitribe</groupId>
+ <artifactId>churchkey</artifactId>
+ <version>0.14</version>
+ </dependency>
+ <dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.2</version>
@@ -251,12 +256,6 @@
<version>2.5.3</version>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.70</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<build>
<pluginManagement>
@@ -349,4 +348,4 @@
</dependencies>
</profile>
</profiles>
-</project>
+</project> \ No newline at end of file
diff --git a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
index 10ac4c5a..2de9ea4a 100644
--- a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
+++ b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
@@ -20,19 +20,16 @@ package com.github.scribejava.apis;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
-import java.nio.charset.StandardCharsets;
-import java.security.Key;
-import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
-import java.security.spec.EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
-import java.util.Base64;
import java.util.Date;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
+
public class AppleClientSecretGenerator {
private final String subject;
private final String teamId;
@@ -49,14 +46,7 @@ public class AppleClientSecretGenerator {
this.teamId = teamId;
this.pemData = pemData;
- String p8encodedData = new String(getPemData(), StandardCharsets.UTF_8)
- .replace(
- "-----BEGIN PRIVATE KEY-----\n", "")
- .replace("\n", "")
- .replace("-----END PRIVATE KEY-----", "");
- KeyFactory kf = KeyFactory.getInstance("EC");
- EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(p8encodedData));
- signingKey = kf.generatePrivate(keySpec);
+ this.signingKey = Keys.decode(pemData);
}
public String getClientSecret() {
@@ -68,7 +58,7 @@ public class AppleClientSecretGenerator {
.setIssuedAt(Date.from(now))
.setSubject(subject)
.setExpiration(Date.from(ZonedDateTime.ofInstant(now, ZoneId.of("UTC")).plusMonths(1).toInstant()))
- .signWith(signingKey, SignatureAlgorithm.ES256)
+ .signWith(signingKey.getKey(), SignatureAlgorithm.ES256)
.compact();
}
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index e5b4562c..a23c0a6f 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -184,15 +184,6 @@ import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.text.StringEscapeUtils;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
@@ -235,6 +226,8 @@ import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Base64;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
@@ -2493,28 +2486,12 @@ public class ServerTests {
public void testAppleClientSecret()
throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, NoSuchProviderException {
String secret = new String(clientSecretGenerator.getClientSecret().getBytes(), StandardCharsets.UTF_8);
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
- pemConverter.setProvider("BC");
- final Reader pemReader = new InputStreamReader(new ByteArrayInputStream(clientSecretGenerator.getPemData()));
- final PEMParser parser = new PEMParser(pemReader);
- PrivateKey privateKey;
- Object pemObj = parser.readObject();
+ final Key key = Keys.decode(clientSecretGenerator.getPemData());
+
+ // Get the public key
+ final Key publicKey = key.getPublicKey();
- privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) pemObj);
-
- // Generate public key from private key
- KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
- ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
-
- ECPoint Q = ecSpec.getG().multiply(((ECPrivateKey) privateKey).getD());
- byte[] publicDerBytes = Q.getEncoded(false);
-
- ECPoint point = ecSpec.getCurve().decodePoint(publicDerBytes);
- ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec);
- ECPublicKey publicKeyGenerated = (ECPublicKey) keyFactory.generatePublic(pubSpec);
-
- Jws<Claims> jwt = Jwts.parserBuilder().setSigningKey(publicKeyGenerated).build().parseClaimsJws(secret);
+ Jws<Claims> jwt = Jwts.parserBuilder().setSigningKey(publicKey.getKey()).build().parseClaimsJws(secret);
assertThat(jwt.getHeader().get("kid"), is("keyid"));
assertThat(jwt.getHeader().get("alg"), is("ES256"));
Claims claims = jwt.getBody();