author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-30 13:29:25 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-30 14:01:33 +0200 |
commit | c872e3b43d0ae0dd409cf9498f0b1dabd8c2c6a6 (patch) | |
tree | 580d20fd343ebcf65a063051924b7d4315a3a3e8 /hosted-api | |
parent | d57e489f3bfd41a0a66639346dbd39fbd5162ea5 (diff) |
Use KeyUtils to read keys
Diffstat (limited to 'hosted-api')
5 files changed, 17 insertions, 38 deletions
diff --git a/hosted-api/pom.xml b/hosted-api/pom.xml index 39b0ef06f93..f20244a8816 100644 --- a/hosted-api/pom.xml +++ b/hosted-api/pom.xml @@ -16,6 +16,12 @@ <dependencies> <dependency> <groupId>com.yahoo.vespa</groupId> + <artifactId>security-utils</artifactId> + <version>${project.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>com.yahoo.vespa</groupId> <artifactId>config-provisioning</artifactId> <version>${project.version}</version> <scope>provided</scope> diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java index 3f0913c2863..904233f7c49 100644 --- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java +++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java @@ -1,12 +1,10 @@ package ai.vespa.hosted.api; +import com.yahoo.security.KeyUtils; + import java.io.ByteArrayInputStream; -import java.io.IOException; import java.io.InputStream; -import java.io.UncheckedIOException; import java.net.http.HttpRequest; -import java.nio.file.Files; -import java.nio.file.Path; import java.security.Key; import java.time.Clock; import java.util.Base64; @@ -33,7 +31,7 @@ public class RequestSigner { /** Creates a new request signer with a custom clock. */ RequestSigner(String pemPrivateKey, String keyId, Clock clock) { - this.privateKey = Signatures.parsePrivatePemPkcs8RsaKey(pemPrivateKey); + this.privateKey = KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey); this.keyId = keyId; this.clock = clock; } diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java index 53a464058c1..16832db39f6 100644 --- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java +++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java 
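Review bot: `security-utils` is added with `<scope>provided</scope>`, so it is not packaged with hosted-api even though the `RequestSigner` and `RequestVerifier` constructors now call `KeyUtils`. That matches the neighbouring `config-provisioning` entry, but a consumer running this code outside a runtime that supplies security-utils (and whatever crypto libraries it depends on, which this diff does not show) would fail at class loading when a signer or verifier is created. If hosted-api is meant to be usable as a standalone client, consider the default compile scope. Otherwise record the assumption next to the entry, e.g. `<!-- supplied by the container runtime -->`.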
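Review bot: The `RequestSigner` constructor now accepts whatever `KeyUtils.fromPemEncodedPrivateKey` can parse, whereas the removed `parsePrivatePemPkcs8RsaKey` only produced RSA keys from a PKCS#8 `BEGIN PRIVATE KEY` block. The same applies to `KeyUtils.fromPemEncodedPublicKey` in the `RequestVerifier` constructor. KeyUtils is not part of this diff, so if it also parses non-RSA keys, a wrong key type would no longer be rejected at construction and would presumably fail only later in the `Cipher` code in `Signatures`. I would pin the expectation where the key is read, e.g. `if ( ! "RSA".equals(privateKey.getAlgorithm())) throw new IllegalArgumentException("Expected an RSA key, got " + privateKey.getAlgorithm());`, and state the accepted PEM format in the constructor Javadoc. It is also worth confirming that malformed key data still surfaces as `IllegalArgumentException`, which the old parser threw for an invalid key spec.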
@@ -1,5 +1,7 @@ package ai.vespa.hosted.api; +import com.yahoo.security.KeyUtils; + import java.net.URI; import java.security.Key; import java.time.Clock; @@ -23,7 +25,7 @@ public class RequestVerifier { } RequestVerifier(String pemPublicKey, Clock clock) { - this.publicKey = Signatures.parsePublicPemX509RsaKey(pemPublicKey); + this.publicKey = KeyUtils.fromPemEncodedPublicKey(pemPublicKey); this.clock = clock; } diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java b/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java index 17fd7012880..5de1534c929 100644 --- a/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java +++ b/hosted-api/src/main/java/ai/vespa/hosted/api/Signatures.java @@ -1,5 +1,7 @@ package ai.vespa.hosted.api; +import com.yahoo.security.KeyUtils; + import javax.crypto.Cipher; import java.io.InputStream; import java.net.URI; 
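Review bot: The added `import com.yahoo.security.KeyUtils;` in Signatures.java has no use in the visible hunks, because the only key-parsing code in this file is removed by the next hunk. Unless another part of the file references KeyUtils, the import should be dropped. As far as this diff shows, the `readKey` helper that the removed parsers called is left untouched, as are the `KeyFactory` and key-spec imports they needed, so these may now be dead code worth deleting in the same change. The rest of Signatures.java is outside the diff, so both points need checking against the full file.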
@@ -21,34 +23,6 @@ import static java.nio.charset.StandardCharsets.UTF_8; public class Signatures { - /** Reads the PEM formatted X509 encoded RSA public key from the given key data. */ - public static PublicKey parsePublicPemX509RsaKey(String publicKey) { - try { - byte[] encodedKey = readKey(publicKey, "-----BEGIN PUBLIC KEY-----\n", "-----END PUBLIC KEY-----"); - return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedKey)); - } - catch (NoSuchAlgorithmException e) { - throw new IllegalStateException(e); - } - catch (InvalidKeySpecException e) { - throw new IllegalArgumentException(e); - } - } - - /** Reads the PEM formatted PKCS8 encoded RSA private key from the given key data. */ - public static PrivateKey parsePrivatePemPkcs8RsaKey(String privateKey) { - try { - byte[] encodedKey = readKey(privateKey, "-----BEGIN PRIVATE KEY-----\n", "-----END PRIVATE KEY-----"); - return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey)); - } - catch (NoSuchAlgorithmException e) { - throw new IllegalStateException(e); - } - catch (InvalidKeySpecException e) { - throw new IllegalArgumentException(e); - } - } - /** Returns the data encrypted with the given key. */ public static byte[] encrypted(byte[] data, Key key) { try { diff --git a/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java b/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java index 67a99168341..074f117167b 100644 --- a/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java +++ b/hosted-api/src/test/java/ai/vespa/hosted/api/SignaturesTest.java @@ -1,5 +1,6 @@ package ai.vespa.hosted.api; +import com.yahoo.security.KeyUtils; import org.junit.Test; import java.io.ByteArrayInputStream; 
@@ -14,8 +15,6 @@ import java.time.ZoneOffset; import static ai.vespa.hosted.api.Signatures.decrypted; import static ai.vespa.hosted.api.Signatures.encrypted; -import static ai.vespa.hosted.api.Signatures.parsePrivatePemPkcs8RsaKey; -import static ai.vespa.hosted.api.Signatures.parsePublicPemX509RsaKey; import static ai.vespa.hosted.api.Signatures.sha256Digest; import static ai.vespa.hosted.api.Signatures.sha256Digester; import static java.nio.charset.StandardCharsets.UTF_8; @@ -127,8 +126,8 @@ public class SignaturesTest { @Test public void testEncryption() { - Key privateKey = parsePrivatePemPkcs8RsaKey(pemPrivateKey); - Key publicKey = parsePublicPemX509RsaKey(pemPublicKey); + Key privateKey = KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey); + Key publicKey = KeyUtils.fromPemEncodedPublicKey(pemPublicKey); assertArrayEquals(message, decrypted(encrypted(message, privateKey), publicKey)); assertArrayEquals(message, decrypted(encrypted(message, publicKey), privateKey)); |