Removed some unneeded methods for reading a key

CDCgov · Oct 10, 2023 · d03cec7 · d03cec7
1 parent 7e8414f
commit d03cec7
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 47 deletions.
diff --git a/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy b/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy
@@ -89,7 +89,7 @@ class AuthRequestValidatorTest extends Specification{
         actual == expected
     }
 
-    def "retrievePrivateKey works when keyCache not empty"() {
+    def "retrievePublicKey works when keyCache not empty"() {
         given:
         def mockCache = Mock(KeyCache)
         def key = "fake key"
@@ -106,7 +106,7 @@ class AuthRequestValidatorTest extends Specification{
         actual == expected
     }
 
-    def "retrievePrivateKey works when keyCache is empty"() {
+    def "retrievePublicKey works when keyCache is empty"() {
         given:
         def mockCache = Mock(KeyCache)
         def mockSecrets = Mock(Secrets)
@@ -126,7 +126,7 @@ class AuthRequestValidatorTest extends Specification{
         actual == expected
     }
 
-    def "retrievePrivateKey adds key to keyCache works"() {
+    def "retrievePublicKey adds key to keyCache works"() {
         given:
         def cache = KeyCache.getInstance()
         def mockSecrets = Mock(Secrets)
@@ -140,7 +140,7 @@ class AuthRequestValidatorTest extends Specification{
         when:
         mockSecrets.getKey(_ as String) >> key
         validator.retrievePublicKey()
-        def actual = cache.get("trusted-intermediary-private-key-local")
+        def actual = cache.get("trusted-intermediary-public-key-local")
 
         then:
         actual == expected

diff --git a/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java b/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java
@@ -49,7 +49,7 @@ public String generateToken(
 
         Key privateKey;
         try {
-            privateKey = readKey(pemKey);
+            privateKey = readPrivateKey(pemKey);
         } catch (NoSuchAlgorithmException e) {
             throw new TokenGenerationException("The private key algorithm isn't supported", e);
         } catch (Exception e) {
@@ -83,12 +83,18 @@ public String generateToken(
     public LocalDateTime getExpirationDate(String jwt) {
 
         var tokenOnly = jwt.substring(0, jwt.lastIndexOf('.') + 1);
-        tokenOnly = "eyJ0eXBlIjoiSldUIn0K" + tokenOnly.substring(jwt.indexOf('.'));
-        // TODO: create an unsecured header and prepend that.
+        var claimsOnly = tokenOnly.substring(tokenOnly.indexOf('.'));
+        // Passing jwt header with alg:None to satisfy jjwt expectations
+        var customHeaderAndClaims = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0" + claimsOnly;
 
         Claims claims;
         try {
-            claims = Jwts.parser().unsecured().build().parseUnsecuredClaims(tokenOnly).getPayload();
+            claims =
+                    Jwts.parser()
+                            .unsecured()
+                            .build()
+                            .parseUnsecuredClaims(customHeaderAndClaims)
+                            .getPayload();
         } catch (ClaimJwtException e) {
             claims = e.getClaims();
         }
@@ -103,7 +109,7 @@ public void validateToken(String jwt, String encodedKey)
 
         try {
             var key = readPublicKey(encodedKey);
-            Jwts.parser().verifyWith(key).build().parseClaimsJws(jwt);
+            Jwts.parser().verifyWith(key).build().parseSignedClaims(jwt);
 
         } catch (JwtException | IllegalArgumentException e) {
             throw new InvalidTokenException(e);
@@ -114,22 +120,6 @@ public void validateToken(String jwt, String encodedKey)
         }
     }
 
-    protected Key readKey(String encodedKey)
-            throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException {
-        return isPrivateKey(encodedKey) ? readPrivateKey(encodedKey) : readPublicKey(encodedKey);
-    }
-
-    protected boolean isPrivateKey(String key) {
-
-        try {
-            readPrivateKey(key);
-
-            return true;
-        } catch (Exception e) {
-            return false;
-        }
-    }
-
     protected PrivateKey readPrivateKey(@Nonnull String pemKey)
             throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException {
 

diff --git a/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy b/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy
@@ -90,26 +90,4 @@ class JjwtEngineTest extends Specification {
         then:
         actual == expected
     }
-
-    def "readKey correctly reads a private key"() {
-        given:
-        def privateKeyString = Files.readString(Path.of("..", "mock_credentials", "trusted-intermediary-private-key-local.pem"))
-
-        when:
-        def key = JjwtEngine.getInstance().readKey(privateKeyString)
-
-        then:
-        key != null
-    }
-
-    def "readKey correctly reads a public key"() {
-        given:
-        def publicKeyString = Files.readString(Path.of("..", "mock_credentials", "trusted-intermediary-public-key-local.pem"))
-
-        when:
-        def key = JjwtEngine.getInstance().readKey(publicKeyString)
-
-        then:
-        key != null
-    }
 }