From 72f3289f339ef3b8fe37be3740ff390d970f8e0e Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 12 May 2022 23:17:43 +0300
Subject: Use Churchkey library to read PEM files and keys
---
pom.xml | 13 ++++----
.../apis/AppleClientSecretGenerator.java | 20 +++---------
.../java/com/juick/server/tests/ServerTests.java | 37 ++++------------------
3 files changed, 18 insertions(+), 52 deletions(-)
diff --git a/pom.xml b/pom.xml
index 422facbe..1a578285 100644
--- a/pom.xml
+++ b/pom.xml
@@ -182,6 +182,11 @@
tomitribe-http-signatures
1.7
+
+ org.tomitribe
+ churchkey
+ 0.14
+
com.google.code.findbugs
jsr305
@@ -251,12 +256,6 @@
2.5.3
test
-
- org.bouncycastle
- bcpkix-jdk15on
- 1.70
- test
-
@@ -349,4 +348,4 @@
-
+
\ No newline at end of file
diff --git a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
index 10ac4c5a..2de9ea4a 100644
--- a/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
+++ b/src/main/java/com/github/scribejava/apis/AppleClientSecretGenerator.java
@@ -20,19 +20,16 @@ package com.github.scribejava.apis;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
-import java.nio.charset.StandardCharsets;
-import java.security.Key;
-import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
-import java.security.spec.EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
-import java.util.Base64;
import java.util.Date;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
+
public class AppleClientSecretGenerator {
private final String subject;
private final String teamId;
@@ -49,14 +46,7 @@ public class AppleClientSecretGenerator {
this.teamId = teamId;
this.pemData = pemData;
- String p8encodedData = new String(getPemData(), StandardCharsets.UTF_8)
- .replace(
- "-----BEGIN PRIVATE KEY-----\n", "")
- .replace("\n", "")
- .replace("-----END PRIVATE KEY-----", "");
- KeyFactory kf = KeyFactory.getInstance("EC");
- EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(p8encodedData));
- signingKey = kf.generatePrivate(keySpec);
+ this.signingKey = Keys.decode(pemData);
}
public String getClientSecret() {
@@ -68,7 +58,7 @@ public class AppleClientSecretGenerator {
.setIssuedAt(Date.from(now))
.setSubject(subject)
.setExpiration(Date.from(ZonedDateTime.ofInstant(now, ZoneId.of("UTC")).plusMonths(1).toInstant()))
- .signWith(signingKey, SignatureAlgorithm.ES256)
+ .signWith(signingKey.getKey(), SignatureAlgorithm.ES256)
.compact();
}
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index e5b4562c..a23c0a6f 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -184,15 +184,6 @@ import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.text.StringEscapeUtils;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPrivateKey;
-import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECPoint;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
@@ -235,6 +226,8 @@ import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import org.tomitribe.auth.signatures.Base64;
+import org.tomitribe.churchkey.Key;
+import org.tomitribe.churchkey.Keys;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
@@ -2493,28 +2486,12 @@ public class ServerTests {
public void testAppleClientSecret()
throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, NoSuchProviderException {
String secret = new String(clientSecretGenerator.getClientSecret().getBytes(), StandardCharsets.UTF_8);
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
- pemConverter.setProvider("BC");
- final Reader pemReader = new InputStreamReader(new ByteArrayInputStream(clientSecretGenerator.getPemData()));
- final PEMParser parser = new PEMParser(pemReader);
- PrivateKey privateKey;
- Object pemObj = parser.readObject();
+ final Key key = Keys.decode(clientSecretGenerator.getPemData());
+
+ // Get the public key
+ final Key publicKey = key.getPublicKey();
- privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) pemObj);
-
- // Generate public key from private key
- KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
- ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("secp256r1");
-
- ECPoint Q = ecSpec.getG().multiply(((ECPrivateKey) privateKey).getD());
- byte[] publicDerBytes = Q.getEncoded(false);
-
- ECPoint point = ecSpec.getCurve().decodePoint(publicDerBytes);
- ECPublicKeySpec pubSpec = new ECPublicKeySpec(point, ecSpec);
- ECPublicKey publicKeyGenerated = (ECPublicKey) keyFactory.generatePublic(pubSpec);
-
- Jws jwt = Jwts.parserBuilder().setSigningKey(publicKeyGenerated).build().parseClaimsJws(secret);
+ Jws jwt = Jwts.parserBuilder().setSigningKey(publicKey.getKey()).build().parseClaimsJws(secret);
assertThat(jwt.getHeader().get("kid"), is("keyid"));
assertThat(jwt.getHeader().get("alg"), is("ES256"));
Claims claims = jwt.getBody();
--
cgit v1.2.3