From 72f3289f339ef3b8fe37be3740ff390d970f8e0e Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Thu, 12 May 2022 23:17:43 +0300 Subject: Use Churchkey library to read PEM files and keys --- pom.xml | 13 ++++---- .../apis/AppleClientSecretGenerator.java | 20 +++--------- .../java/com/juick/server/tests/ServerTests.java | 37 ++++------------------ 3 files changed, 18 insertions(+), 52 deletions(-) diff --git a/pom.xml b/pom.xml index 422facbe..1a578285 100644 --- a/pom.xml +++ b/pom.xml @@ -182,6 +182,11 @@ tomitribe-http-signatures 1.7 + + org.tomitribe + churchkey + 0.14 + com.google.code.findbugs jsr305 @@ -251,12 +256,6 @@ 2.5.3 test - - org.bouncycastle - bcpkix-jdk15on - 1.70 - test - @@ -349,4 +348,4 @@ - + \ No newline at end of file diff --git a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java index 10ac4c5a..2de9ea4a 100644 --- a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java +++ b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java @@ -20,19 +20,16 @@ package com.github.scribejava.apis; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; -import java.nio.charset.StandardCharsets; -import java.security.Key; -import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; -import java.security.spec.EncodedKeySpec; import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; import java.time.Instant; import java.time.ZoneId; import java.time.ZonedDateTime; -import java.util.Base64; import java.util.Date; +import org.tomitribe.churchkey.Key; +import org.tomitribe.churchkey.Keys; + public class AppleClientSecretGenerator { private final String subject; private final String teamId; 
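Review bot: The import hunk of AppleClientSecretGenerator keeps `java.security.NoSuchAlgorithmException` and `java.security.spec.InvalidKeySpecException` although the only code that threw them (the `KeyFactory.getInstance("EC")` / `PKCS8EncodedKeySpec` path) is deleted in the constructor hunk, so the constructor's `throws` clause, which lies outside the hunk, presumably still declares exceptions that can no longer occur. If that is the case, drop both from the `throws` clause and the imports so callers are not forced to handle a dead checked exception. Separately, in the pom.xml hunk churchkey 0.14 appears to enter at default (compile) scope while the bcpkix dependency it replaces was test-scoped; the XML tags are stripped here so this is inferred, but it is a new runtime dependency for production code and worth stating in the description.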
@@ -49,14 +46,7 @@ public class AppleClientSecretGenerator { this.teamId = teamId; this.pemData = pemData; - String p8encodedData = new String(getPemData(), StandardCharsets.UTF_8) - .replace( - "-----BEGIN PRIVATE KEY-----\n", "") - .replace("\n", "") - .replace("-----END PRIVATE KEY-----", ""); - KeyFactory kf = KeyFactory.getInstance("EC"); - EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(p8encodedData)); - signingKey = kf.generatePrivate(keySpec); + this.signingKey = Keys.decode(pemData); } public String getClientSecret() { @@ -68,7 +58,7 @@ public class AppleClientSecretGenerator { .setIssuedAt(Date.from(now)) .setSubject(subject) .setExpiration(Date.from(ZonedDateTime.ofInstant(now, ZoneId.of("UTC")).plusMonths(1).toInstant())) - .signWith(signingKey, SignatureAlgorithm.ES256) + .signWith(signingKey.getKey(), SignatureAlgorithm.ES256) .compact(); } diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java index e5b4562c..a23c0a6f 100644 --- a/src/test/java/com/juick/server/tests/ServerTests.java +++ b/src/test/java/com/juick/server/tests/ServerTests.java @@ -184,15 +184,6 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.text.StringEscapeUtils; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.jce.ECNamedCurveTable; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.jce.spec.ECPublicKeySpec; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.openssl.PEMParser; -import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.MethodOrderer; 
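Review bot: `this.signingKey = Keys.decode(pemData);` accepts whatever key material churchkey can parse, so a misconfigured PEM (a public key, or an RSA/DSA private key) is no longer rejected at construction the way the old EC `KeyFactory.generatePrivate` call did; the failure now surfaces on the first `getClientSecret()` call, when `.signWith(signingKey.getKey(), SignatureAlgorithm.ES256)` in the second hunk is handed an unsuitable key. Keep the fail-fast behaviour by validating right after the decode, e.g. `if (signingKey.getType() != Key.Type.PRIVATE || signingKey.getAlgorithm() != Key.Algorithm.EC) throw new IllegalArgumentException("Apple client secret requires an EC private key");` — assuming churchkey's `Key` exposes `getType()`/`getAlgorithm()` as I recall it does; please confirm against the library. The constructor's signature and `throws` clause start outside this hunk.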
@@ -235,6 +226,8 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponents;
 import org.springframework.web.util.UriComponentsBuilder;
 import org.tomitribe.auth.signatures.Base64;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
@@ -2493,28 +2486,12 @@ public class ServerTests { public void testAppleClientSecret() throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, NoSuchProviderException { String secret = new String(clientSecretGenerator.getClientSecret().getBytes(), StandardCharsets.UTF_8); - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); - pemConverter.setProvider("BC"); - final Reader pemReader = new InputStreamReader(new ByteArrayInputStream(clientSecretGenerator.getPemData())); - final PEMParser parser = new PEMParser(pemReader); - PrivateKey privateKey; - Object pemObj = parser.readObject(); + final Key key = Keys.decode(clientSecretGenerator.getPemData()); + + // Get the public key + final Key publicKey = key.getPublicKey(); - privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) pemObj); - - // Generate public key from private key - KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC"); - ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1"); - - ECPoint Q = ecSpec.getG().multiply(((ECPrivateKey) privateKey).getD()); - byte[] publicDerBytes = Q.getEncoded(false); - - ECPoint point = ecSpec.getCurve().decodePoint(publicDerBytes); - ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec); - ECPublicKey publicKeyGenerated = (ECPublicKey) keyFactory.generatePublic(pubSpec); - - Jws jwt = Jwts.parserBuilder().setSigningKey(publicKeyGenerated).build().parseClaimsJws(secret); + Jws jwt = Jwts.parserBuilder().setSigningKey(publicKey.getKey()).build().parseClaimsJws(secret); assertThat(jwt.getHeader().get("kid"), is("keyid")); assertThat(jwt.getHeader().get("alg"), is("ES256")); Claims claims = jwt.getBody(); -- cgit v1.2.3
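Review bot: `testAppleClientSecret` still declares `throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, NoSuchProviderException`, but every call that required them — `KeyFactory.getInstance("ECDSA", "BC")`, `PEMParser.readObject()`, `generatePublic` — is removed in this hunk, so the clause is now stale unless the rest of the method (it continues past the hunk) needs one of them. Trim it to what the remaining body actually throws so the signature stops advertising a BouncyCastle-era contract. Since `key.getPublicKey()` derives the verifying key from the same private key that signed, the test proves self-consistency only, as before; a cheap extra check that the configured material is what the generator expects would be `assertThat(key.getType(), is(Key.Type.PRIVATE));` after the decode, assuming churchkey's `Key` exposes `getType()` as I recall. Removing the `Security.addProvider(...)` side effect from the test is a welcome cleanup.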