author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-03 14:03:42 +0200 |
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-03 15:19:17 +0200 |
commit | 7b9663210bd6cc087ffcd6388855048a10947fb8 (patch) | |
tree | 3ecb38a26e1df54585f36f9ddf57702d05381838 | |
parent | 25cb895e18e9dd1f74b32896e41fe01b76ddb48e (diff) |
Move Signature factories to separate class
4 files changed, 44 insertions, 39 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
index 48ff10695d3..cd72c589713 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
@@ -1,6 +1,7 @@
 package ai.vespa.hosted.api;
 import com.yahoo.security.KeyUtils;
+import com.yahoo.security.SignatureUtils;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
@@ -12,6 +13,7 @@ import java.util.Base64;
 import java.util.function.Supplier;
 import static ai.vespa.hosted.api.Signatures.sha256Digest;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 /**
 * Signs HTTP request headers using a private key, for verification by the indicated public key.
@@ -31,7 +33,7 @@ public class RequestSigner {
 /** Creates a new request signer with a custom clock. */
 public RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
- this.signer = KeyUtils.createSigner(KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey));
+ this.signer = SignatureUtils.createSigner(KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey), SHA256_WITH_ECDSA);
 this.keyId = keyId;
 this.clock = clock;
 }
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
index 1d672a56dcb..96a0196bf04 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
@@ -1,6 +1,7 @@
 package ai.vespa.hosted.api;
 import com.yahoo.security.KeyUtils;
+import com.yahoo.security.SignatureUtils;
 import java.net.URI;
 import java.security.Signature;
@@ -10,6 +11,8 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Base64;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
+
 /**
 * Verifies that signed HTTP requests match the indicated public key.
 *
@@ -26,7 +29,7 @@ public class RequestVerifier {
 }
 public RequestVerifier(String pemPublicKey, Clock clock) {
- this.verifier = KeyUtils.createVerifier(KeyUtils.fromPemEncodedPublicKey(pemPublicKey));
+ this.verifier = SignatureUtils.createVerifier(KeyUtils.fromPemEncodedPublicKey(pemPublicKey), SHA256_WITH_ECDSA);
 this.clock = clock;
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 7d39c0d54e0..fa999ee521a 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -3,11 +3,9 @@ package com.yahoo.security;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.eac.ECDSAPublicKey;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.jce.spec.ECParameterSpec;
 import org.bouncycastle.jce.spec.ECPublicKeySpec;
 import org.bouncycastle.math.ec.ECPoint;
@@ -23,18 +21,14 @@ import java.io.StringReader;
 import java.io.StringWriter;
 import java.io.UncheckedIOException;
 import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.Signature;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPublicKeySpec;
-import java.security.spec.X509EncodedKeySpec;
 import java.util.ArrayList;
 import java.util.List;
@@ -168,35 +162,4 @@ public class KeyUtils {
 return primitive.getEncoded();
 }
- /** Returns a signature instance which computes a SHA-256 hash of its content, before signing with the given private key. */
- public static Signature createSigner(PrivateKey key) {
- try {
- Signature signer = Signature.getInstance(SignatureAlgorithm.SHA256_WITH_ECDSA.getAlgorithmName(),
- BouncyCastleProviderHolder.getInstance());
- signer.initSign(key);
- return signer;
- }
- catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- catch (InvalidKeyException e) {
- throw new IllegalArgumentException(e);
- }
- }
-
- /** Returns a signature instance which computes a SHA-256 hash of its content, before verifying with the given public key. */
- public static Signature createVerifier(PublicKey key) {
- try {
- Signature signer = Signature.getInstance(SignatureAlgorithm.SHA256_WITH_ECDSA.getAlgorithmName(),
- BouncyCastleProviderHolder.getInstance());
- signer.initVerify(key);
- return signer;
- }
- catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- catch (InvalidKeyException e) {
- throw new IllegalArgumentException(e);
- }
- }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java b/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java
new file mode 100644
index 00000000000..7560fbbd40d
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java
@@ -0,0 +1,37 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security;
+
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+
+/**
+ * Misc signature utils
+ *
+ * @author bjorncs
+ */
+public class SignatureUtils {
+
+ /** Returns a signature instance which computes a hash of its content, before signing with the given private key. */
+ public static Signature createSigner(PrivateKey key, SignatureAlgorithm algorithm) {
+ try {
+ Signature signer = Signature.getInstance(algorithm.getAlgorithmName(), BouncyCastleProviderHolder.getInstance());
+ signer.initSign(key);
+ return signer;
+ } catch (GeneralSecurityException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ /** Returns a signature instance which computes a hash of its content, before verifying with the given public key. */
+ public static Signature createVerifier(PublicKey key, SignatureAlgorithm algorithm) {
+ try {
+ Signature signer = Signature.getInstance(algorithm.getAlgorithmName(), BouncyCastleProviderHolder.getInstance());
+ signer.initVerify(key);
+ return signer;
+ } catch (GeneralSecurityException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+}
|
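Review bot: The single `catch (GeneralSecurityException e)` in both `createSigner` and `createVerifier` now turns an `InvalidKeyException` into `IllegalStateException`, whereas the `KeyUtils` versions removed in this commit threw `IllegalArgumentException` for it and reserved `IllegalStateException` for `NoSuchAlgorithmException`. With the algorithm now a parameter, a key whose type does not match `algorithm` is a caller error and should stay distinguishable from the provider lacking the algorithm, so I would keep the split in both methods: `} catch (InvalidKeyException e) { throw new IllegalArgumentException(e); } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }` plus `import java.security.InvalidKeyException;`. The class is a static utility holder with no private constructor, so a `private SignatureUtils() {}` would prevent accidental instantiation. The class Javadoc `Misc signature utils` could also say what the class provides, e.g. `Factories for {@link Signature} instances backed by the Bouncy Castle provider.`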