Use `java.security` classes in preference to string-wrappers #147
c692194 to ff3b46f
val privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodeBase64(prvKey.key))) | ||
rsa.initSign(privateKey) | ||
rsa.initSign(prvKey) | ||
|
||
rsa.update(data) | ||
rsa.sign() | ||
} | ||
|
||
def verifySignature(data: Array[Byte], signature: Array[Byte], pubKey: PublicKey) : Boolean = { | ||
val rsa = Signature.getInstance(signatureAlgorithm, "BC") | ||
val publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(decodeBase64(pubKey.key))) | ||
rsa.initVerify(publicKey) | ||
rsa.initVerify(pubKey) |
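Review bot: in `verifySignature()`, `rsa.initVerify(pubKey)` now accepts whatever `java.security.PublicKey` the caller supplies, where the removed lines always built the key through `keyFactory`. A key whose algorithm does not match `signatureAlgorithm` will surface as an `InvalidKeyException` thrown from a method declared to return `Boolean`. Consider documenting the expected key type on `signData()` and `verifySignature()`, or catching `InvalidKeyException` in `verifySignature()` and returning `false`.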
The `signData()` & `verifySignature()` methods on `Crypto` no longer need to repeatedly decode the base64-encoded strings, and so now are a bit simpler and more efficient.
publicKey: PublicKey, | ||
privateKey: PrivateKey, | ||
signingKeyPair: KeyPair, |
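Review bot: replacing the `privateKey: PrivateKey` field with `signingKeyPair: KeyPair` changes the accessors of the case class as well as its constructor, so code that reads `settings.privateKey` stops compiling and has to move to `settings.signingKeyPair.getPrivate`. That is worth a line in the release notes, or a `privateKey` accessor that delegates to the pair could be kept for one release.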
The signature of the `PanDomainAuthSettings` case class has changed here, but thankfully this won't affect consumers of this library, as they all use the companion `apply()` method that accepts `settingMap: Map[String, String]`.
This change deletes the `PublicKey` & `PrivateKey` classes in our `com.gu.pandomainauth` package, which were simple string-wrapper classes that held base64-encoded text representations of cryptographic keys. The `java.security` classes `PublicKey` & `PrivateKey` already exist and, as they represent fully-decoded keys, don't need to be _repeatedly_ decoded from strings the way we had to with our string-wrapper classes. Consequently, the `signData()` & `verifySignature()` methods on `Crypto` are now a bit simpler and more efficient. We can also use the `java.security.KeyPair` class to represent the pair of public & private keys.
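The decode-once pattern described above, as an added example that is not the project's code: the base64 strings are parsed into `java.security` keys a single time, and `signData()` / `verifySignature()` then operate on the decoded keys. `SHA256withRSA`, the default JCA provider (instead of `"BC"`), the `loadKeyPair` helper and the sample payload are assumptions, since the page does not show the real values.

```scala
import java.security.{KeyFactory, KeyPair, KeyPairGenerator, PrivateKey, PublicKey, Signature}
import java.security.spec.{PKCS8EncodedKeySpec, X509EncodedKeySpec}
import java.util.Base64

object DecodeOnceExample {
  // Assumption: the page does not show signatureAlgorithm or the keyFactory algorithm.
  val signatureAlgorithm = "SHA256withRSA"
  private val keyFactory = KeyFactory.getInstance("RSA")

  // Hypothetical helper: decode the base64 settings strings a single time, at load.
  // Malformed input fails here (IllegalArgumentException / InvalidKeySpecException),
  // not later inside a sign or verify call.
  def loadKeyPair(publicKeyB64: String, privateKeyB64: String): KeyPair = {
    val decoder = Base64.getDecoder
    val publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(decoder.decode(publicKeyB64)))
    val privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decoder.decode(privateKeyB64)))
    new KeyPair(publicKey, privateKey)
  }

  def signData(data: Array[Byte], prvKey: PrivateKey): Array[Byte] = {
    val sig = Signature.getInstance(signatureAlgorithm) // default provider, not "BC"
    sig.initSign(prvKey)
    sig.update(data)
    sig.sign()
  }

  def verifySignature(data: Array[Byte], signature: Array[Byte], pubKey: PublicKey): Boolean = {
    val sig = Signature.getInstance(signatureAlgorithm)
    sig.initVerify(pubKey)
    sig.update(data)
    sig.verify(signature)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample: a throwaway key pair, encoded the way a settings map would carry it.
    val generator = KeyPairGenerator.getInstance("RSA")
    generator.initialize(2048)
    val generated = generator.generateKeyPair()
    val pubB64 = Base64.getEncoder.encodeToString(generated.getPublic.getEncoded)
    val prvB64 = Base64.getEncoder.encodeToString(generated.getPrivate.getEncoded)

    val signingKeyPair = loadKeyPair(pubB64, prvB64) // the only base64 decode
    val message = "constructed-cookie-payload".getBytes("UTF-8")
    val signature = signData(message, signingKeyPair.getPrivate)

    println(verifySignature(message, signature, signingKeyPair.getPublic))
    println(verifySignature("tampered".getBytes("UTF-8"), signature, signingKeyPair.getPublic))
  }
}
```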
ff3b46f to 72601f7
Looks good to me
This is a pretty minor change, but due to guardian/pan-domain-authentication#147 and guardian/pan-domain-authentication#153, there are a couple of changes required:
* imports for `PublicKey`
* `settings.privateKey` becomes `settings.signingKeyPair.getPrivate`