authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-04-30 13:29:25 +0200
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-04-30 14:01:33 +0200
commitc872e3b43d0ae0dd409cf9498f0b1dabd8c2c6a6 (patch)
tree580d20fd343ebcf65a063051924b7d4315a3a3e8 /hosted-api
parentd57e489f3bfd41a0a66639346dbd39fbd5162ea5 (diff)
Use KeyUtils to read keys
Diffstat (limited to 'hosted-api')
-rw-r--r--hosted-api/pom.xml6
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java8
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java4
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java30
-rw-r--r--hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java7
5 files changed, 17 insertions, 38 deletions
diff --git a/hosted-api/pom.xml b/hosted-api/pom.xml
index 39b0ef06f93..f20244a8816 100644
--- a/hosted-api/pom.xml
+++ b/hosted-api/pom.xml
@@ -16,6 +16,12 @@
<dependencies>
<dependency>
<groupId>com.yahoo.vespa</groupId>
+ <artifactId>security-utils</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.yahoo.vespa</groupId>
<artifactId>config-provisioning</artifactId>
<version>${project.version}</version>
<scope>provided</scope>
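Review bot: The new `security-utils` dependency is declared with `<scope>provided</scope>`, so hosted-api neither packages it nor exposes it transitively, while the RequestSigner and RequestVerifier constructors in this commit now call `KeyUtils` directly. A consumer running this module where nothing else supplies security-utils would fail with NoClassDefFoundError the first time a signer or verifier is constructed; whether such consumers exist is not visible in this diff. If they do, drop the scope line so the default compile scope applies. Otherwise record who supplies the artifact at runtime, for example `<!-- supplied by the hosting container at runtime -->` above the dependency.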
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
index 3f0913c2863..904233f7c49 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
@@ -1,12 +1,10 @@
package ai.vespa.hosted.api;
+import com.yahoo.security.KeyUtils;
+
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.io.InputStream;
-import java.io.UncheckedIOException;
import java.net.http.HttpRequest;
-import java.nio.file.Files;
-import java.nio.file.Path;
import java.security.Key;
import java.time.Clock;
import java.util.Base64;
@@ -33,7 +31,7 @@ public class RequestSigner {
/** Creates a new request signer with a custom clock. */
RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
- this.privateKey = Signatures.parsePrivatePemPkcs8RsaKey(pemPrivateKey);
+ this.privateKey = KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey);
this.keyId = keyId;
this.clock = clock;
}
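Review bot: `KeyUtils.fromPemEncodedPrivateKey` replaces a parser that was pinned to PKCS#8 RSA (`KeyFactory.getInstance("RSA")` in the removed Signatures code) and that reported a malformed key as IllegalArgumentException, so this constructor now accepts whatever key types and PEM variants KeyUtils supports, which this diff does not show. If KeyUtils also parses non-RSA keys, a wrong key type would be accepted here and presumably only fail later when the key reaches `Signatures.encrypted`. I would keep the restriction explicit with `if ( ! "RSA".equals(privateKey.getAlgorithm())) throw new IllegalArgumentException("Expected an RSA private key");` and state the accepted PEM format and the thrown exception type in the constructor Javadoc. The same point applies to `KeyUtils.fromPemEncodedPublicKey` in the RequestVerifier constructor, where the verifier should not let the supplied PEM choose the algorithm.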
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
index 53a464058c1..16832db39f6 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
@@ -1,5 +1,7 @@
package ai.vespa.hosted.api;
+import com.yahoo.security.KeyUtils;
+
import java.net.URI;
import java.security.Key;
import java.time.Clock;
@@ -23,7 +25,7 @@ public class RequestVerifier {
}
RequestVerifier(String pemPublicKey, Clock clock) {
- this.publicKey = Signatures.parsePublicPemX509RsaKey(pemPublicKey);
+ this.publicKey = KeyUtils.fromPemEncodedPublicKey(pemPublicKey);
this.clock = clock;
}
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java b/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java
index 17fd7012880..5de1534c929 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java
@@ -1,5 +1,7 @@
package ai.vespa.hosted.api;
+import com.yahoo.security.KeyUtils;
+
import javax.crypto.Cipher;
import java.io.InputStream;
import java.net.URI;
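Review bot: The added `import com.yahoo.security.KeyUtils;` looks unused in Signatures.java. The diffstat counts 30 changed lines for this file and the two hunks account for all of them (two added import lines, 28 removed parser lines), so no new line here references KeyUtils. I would drop the import so the class no longer suggests that it parses keys itself. The removed methods were `public static`, and callers outside hosted-api are not visible in this diff; the `readKey` helper and the key-spec imports they relied on may now be dead code and are worth checking in the same pass.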
@@ -21,34 +23,6 @@ import static java.nio.charset.StandardCharsets.UTF_8;
public class Signatures {
- /** Reads the PEM formatted X509 encoded RSA public key from the given key data. */
- public static PublicKey parsePublicPemX509RsaKey(String publicKey) {
- try {
- byte[] encodedKey = readKey(publicKey, "-----BEGIN PUBLIC KEY-----\n", "-----END PUBLIC KEY-----");
- return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedKey));
- }
- catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- catch (InvalidKeySpecException e) {
- throw new IllegalArgumentException(e);
- }
- }
-
- /** Reads the PEM formatted PKCS8 encoded RSA private key from the given key data. */
- public static PrivateKey parsePrivatePemPkcs8RsaKey(String privateKey) {
- try {
- byte[] encodedKey = readKey(privateKey, "-----BEGIN PRIVATE KEY-----\n", "-----END PRIVATE KEY-----");
- return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
- }
- catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- catch (InvalidKeySpecException e) {
- throw new IllegalArgumentException(e);
- }
- }
-
/** Returns the data encrypted with the given key. */
public static byte[] encrypted(byte[] data, Key key) {
try {
diff --git a/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java b/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java
index 67a99168341..074f117167b 100644
--- a/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java
+++ b/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java
@@ -1,5 +1,6 @@
package ai.vespa.hosted.api;
+import com.yahoo.security.KeyUtils;
import org.junit.Test;
import java.io.ByteArrayInputStream;
@@ -14,8 +15,6 @@ import java.time.ZoneOffset;
import static ai.vespa.hosted.api.Signatures.decrypted;
import static ai.vespa.hosted.api.Signatures.encrypted;
-import static ai.vespa.hosted.api.Signatures.parsePrivatePemPkcs8RsaKey;
-import static ai.vespa.hosted.api.Signatures.parsePublicPemX509RsaKey;
import static ai.vespa.hosted.api.Signatures.sha256Digest;
import static ai.vespa.hosted.api.Signatures.sha256Digester;
import static java.nio.charset.StandardCharsets.UTF_8;
@@ -127,8 +126,8 @@ public class SignaturesTest {
@Test
public void testEncryption() {
- Key privateKey = parsePrivatePemPkcs8RsaKey(pemPrivateKey);
- Key publicKey = parsePublicPemX509RsaKey(pemPublicKey);
+ Key privateKey = KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey);
+ Key publicKey = KeyUtils.fromPemEncodedPublicKey(pemPublicKey);
assertArrayEquals(message, decrypted(encrypted(message, privateKey), publicKey));
assertArrayEquals(message, decrypted(encrypted(message, publicKey), privateKey));