diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2019-10-03 10:29:46 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2019-10-03 10:32:39 +0200 |
commit | 7f31c41e3a434033a4ce47a97dd1cc32ccb4d58b (patch) | |
tree | fa1486520c2cc0580992e7016baff30b16845b14 /vespa-athenz | |
parent | 42813a5f158973444253db38f006d25e62dd66cd (diff) |
Read signature algorithm from key
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSigner.java | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSigner.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSigner.java index e63cd9750fb..a28ab788fc1 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSigner.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSigner.java @@ -1,15 +1,14 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.athenz.identityprovider.client; +import com.yahoo.security.SignatureUtils; import com.yahoo.vespa.athenz.api.AthenzService; import com.yahoo.vespa.athenz.identityprovider.api.IdentityType; import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument; import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; -import com.yahoo.security.SignatureAlgorithm; import java.nio.ByteBuffer; import java.security.GeneralSecurityException; -import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; @@ -37,7 +36,7 @@ public class IdentityDocumentSigner { IdentityType identityType, PrivateKey privateKey) { try { - Signature signer = createSigner(); + Signature signer = SignatureUtils.createSigner(privateKey); signer.initSign(privateKey); writeToSigner(signer, providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType); byte[] signature = signer.sign(); @@ -49,7 +48,7 @@ public class IdentityDocumentSigner { public boolean hasValidSignature(SignedIdentityDocument doc, PublicKey publicKey) { try { - Signature signer = createSigner(); + Signature signer = SignatureUtils.createVerifier(publicKey); signer.initVerify(publicKey); writeToSigner(signer, doc.providerUniqueId(), doc.providerService(), doc.configServerHostname(), doc.instanceHostname(), doc.createdAt(), doc.ipAddresses(), doc.identityType()); return signer.verify(Base64.getDecoder().decode(doc.signature())); @@ -58,10 +57,6 @@ public class IdentityDocumentSigner { } } - private static Signature createSigner() throws NoSuchAlgorithmException { - return Signature.getInstance(SignatureAlgorithm.SHA512_WITH_RSA.getAlgorithmName()); - } - private static void writeToSigner(Signature signer, VespaUniqueInstanceId providerUniqueId, AthenzService providerService, |