Migrate spring-security-rsa into spring-security-crypto

Closes spring-projectsgh-14202
marcusdacoregio · Dec 27, 2023 · f1913a5 · f1913a5
1 parent 707588f
commit f1913a5
Show file tree

Hide file tree

Showing 16 changed files with 1,316 additions and 1 deletion.
diff --git a/crypto/spring-security-crypto.gradle b/crypto/spring-security-crypto.gradle
@@ -3,8 +3,9 @@ apply plugin: 'io.spring.convention.spring-module'
 dependencies {
 	management platform(project(":spring-security-dependencies"))
 	optional 'org.springframework:spring-jcl'
+	optional 'org.springframework:spring-core'
 	optional 'org.bouncycastle:bcpkix-jdk15on'
-	
+
 	testImplementation "org.assertj:assertj-core"
 	testImplementation "org.junit.jupiter:junit-jupiter-api"
 	testImplementation "org.junit.jupiter:junit-jupiter-params"

diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/KeyStoreKeyFactory.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/KeyStoreKeyFactory.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2013-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.crypto.encrypt;
+
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.spec.RSAPublicKeySpec;
+
+import org.springframework.core.io.Resource;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Dave Syer
+ * @author Tim Ysewyn
+ * @since 6.3
+ */
+public class KeyStoreKeyFactory {
+
+	private final Resource resource;
+
+	private final char[] password;
+
+	private KeyStore store;
+
+	private final Object lock = new Object();
+
+	private final String type;
+
+	public KeyStoreKeyFactory(Resource resource, char[] password) {
+		this(resource, password, type(resource));
+	}
+
+	private static String type(Resource resource) {
+		String ext = StringUtils.getFilenameExtension(resource.getFilename());
+		return (ext != null) ? ext : "jks";
+	}
+
+	public KeyStoreKeyFactory(Resource resource, char[] password, String type) {
+		this.resource = resource;
+		this.password = password;
+		this.type = type;
+	}
+
+	public KeyPair getKeyPair(String alias) {
+		return getKeyPair(alias, this.password);
+	}
+
+	public KeyPair getKeyPair(String alias, char[] password) {
+		try {
+			synchronized (this.lock) {
+				if (this.store == null) {
+					synchronized (this.lock) {
+						this.store = KeyStore.getInstance(this.type);
+						try (InputStream stream = this.resource.getInputStream()) {
+							this.store.load(stream, this.password);
+						}
+					}
+				}
+			}
+			RSAPrivateCrtKey key = (RSAPrivateCrtKey) this.store.getKey(alias, password);
+			Certificate certificate = this.store.getCertificate(alias);
+			PublicKey publicKey = null;
+			if (certificate != null) {
+				publicKey = certificate.getPublicKey();
+			}
+			else if (key != null) {
+				RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent());
+				publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);
+			}
+			return new KeyPair(publicKey, key);
+		}
+		catch (Exception ex) {
+			throw new IllegalStateException("Cannot load keys from store: " + this.resource, ex);
+		}
+	}
+
+}
diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/RsaAlgorithm.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/RsaAlgorithm.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2013-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.crypto.encrypt;
+
+/**
+ * @author Dave Syer
+ * @since 6.3
+ */
+public enum RsaAlgorithm {
+
+	DEFAULT("RSA", 117), OAEP("RSA/ECB/OAEPPadding", 86);
+
+	private final String name;
+
+	private final int maxLength;
+
+	RsaAlgorithm(String name, int maxLength) {
+		this.name = name;
+		this.maxLength = maxLength;
+	}
+
+	public String getJceName() {
+		return this.name;
+	}
+
+	public int getMaxLength() {
+		return this.maxLength;
+	}
+
+}