From d03cec7e0e6d00807aac6b5fdf4c5aead634179d Mon Sep 17 00:00:00 2001
From: halprin
Date: Tue, 10 Oct 2023 14:30:42 -0600
Subject: [PATCH] Removed some unneeded methods for reading a key

---
 .../auth/AuthRequestValidatorTest.groovy | 8 ++---
 .../external/jjwt/JjwtEngine.java | 32 +++++++------------
 .../external/jjwt/JjwtEngineTest.groovy | 22 -------------
 3 files changed, 15 insertions(+), 47 deletions(-)

diff --git a/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy b/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy
index 70cdea87d..33ab21ec1 100644
--- a/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy
+++ b/app/src/test/groovy/gov/hhs/cdc/trustedintermediary/auth/AuthRequestValidatorTest.groovy
@@ -89,7 +89,7 @@ class AuthRequestValidatorTest extends Specification{
 actual == expected
 }
- def "retrievePrivateKey works when keyCache not empty"() {
+ def "retrievePublicKey works when keyCache not empty"() {
 given:
 def mockCache = Mock(KeyCache)
 def key = "fake key"
@@ -106,7 +106,7 @@ class AuthRequestValidatorTest extends Specification{
 actual == expected
 }
- def "retrievePrivateKey works when keyCache is empty"() {
+ def "retrievePublicKey works when keyCache is empty"() {
 given:
 def mockCache = Mock(KeyCache)
 def mockSecrets = Mock(Secrets)
@@ -126,7 +126,7 @@ class AuthRequestValidatorTest extends Specification{
 actual == expected
 }
- def "retrievePrivateKey adds key to keyCache works"() {
+ def "retrievePublicKey adds key to keyCache works"() {
 given:
 def cache = KeyCache.getInstance()
 def mockSecrets = Mock(Secrets)
@@ -140,7 +140,7 @@ class AuthRequestValidatorTest extends Specification{
 when:
 mockSecrets.getKey(_ as String) >> key
 validator.retrievePublicKey()
- def actual = cache.get("trusted-intermediary-private-key-local")
+ def actual = cache.get("trusted-intermediary-public-key-local")
 then:
 actual == expected
diff --git a/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java b/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java
index 6866fc180..a86620b8d 100644
--- a/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java
+++ b/shared/src/main/java/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngine.java
@@ -49,7 +49,7 @@ public String generateToken(
 Key privateKey;
 try {
- privateKey = readKey(pemKey);
+ privateKey = readPrivateKey(pemKey);
 } catch (NoSuchAlgorithmException e) {
 throw new TokenGenerationException("The private key algorithm isn't supported", e);
 } catch (Exception e) {
@@ -83,12 +83,18 @@ public String generateToken(
 public LocalDateTime getExpirationDate(String jwt) {
 var tokenOnly = jwt.substring(0, jwt.lastIndexOf('.') + 1);
- tokenOnly = "eyJ0eXBlIjoiSldUIn0K" + tokenOnly.substring(jwt.indexOf('.'));
- // TODO: create an unsecured header and prepend that.
+ var claimsOnly = tokenOnly.substring(tokenOnly.indexOf('.'));
+ // Passing jwt header with alg:None to satisfy jjwt expectations
+ var customHeaderAndClaims = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0" + claimsOnly;
 Claims claims;
 try {
- claims = Jwts.parser().unsecured().build().parseUnsecuredClaims(tokenOnly).getPayload();
+ claims =
+ Jwts.parser()
+ .unsecured()
+ .build()
+ .parseUnsecuredClaims(customHeaderAndClaims)
+ .getPayload();
 } catch (ClaimJwtException e) {
 claims = e.getClaims();
 }
@@ -103,7 +109,7 @@ public void validateToken(String jwt, String encodedKey)
 try {
 var key = readPublicKey(encodedKey);
- Jwts.parser().verifyWith(key).build().parseClaimsJws(jwt);
+ Jwts.parser().verifyWith(key).build().parseSignedClaims(jwt);
 } catch (JwtException | IllegalArgumentException e) {
 throw new InvalidTokenException(e);
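Review bot: The new `var claimsOnly = tokenOnly.substring(tokenOnly.indexOf('.'))` in getExpirationDate still throws StringIndexOutOfBoundsException for a token containing no '.', because `lastIndexOf('.')` then yields -1, tokenOnly becomes "" and `indexOf('.')` is -1, while the only catch below is for ClaimJwtException; a malformed caller-supplied token therefore escapes as an unrelated runtime exception instead of the token error the rest of this class reports. A guard ahead of the substring calls, `if (jwt == null || jwt.indexOf('.') < 0) throw new IllegalArgumentException("not a JWT");`, is enough (the method declares no checked exceptions, so an unchecked type fits). The added comment also understates the security-relevant part: the literal decodes to `{"alg":"none","typ":"JWT"}`, so I would replace it with `// Swap in an unsigned {"alg":"none","typ":"JWT"} header so jjwt's unsecured parser decodes the payload; the signature is deliberately NOT checked here, so these claims are informational only — validateToken is the trust check.` The body of getExpirationDate continues past the end of the hunk.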
@@ -114,22 +120,6 @@ public void validateToken(String jwt, String encodedKey)
 }
 }
- protected Key readKey(String encodedKey)
- throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException {
- return isPrivateKey(encodedKey) ? readPrivateKey(encodedKey) : readPublicKey(encodedKey);
- }
-
- protected boolean isPrivateKey(String key) {
-
- try {
- readPrivateKey(key);
-
- return true;
- } catch (Exception e) {
- return false;
- }
- }
-
 protected PrivateKey readPrivateKey(@Nonnull String pemKey)
 throws NoSuchAlgorithmException, InvalidKeySpecException, IllegalArgumentException {
diff --git a/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy b/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy
index 91f4aac7b..6614d5c90 100644
--- a/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy
+++ b/shared/src/test/groovy/gov/hhs/cdc/trustedintermediary/external/jjwt/JjwtEngineTest.groovy
@@ -90,26 +90,4 @@ class JjwtEngineTest extends Specification {
 then:
 actual == expected
 }
-
- def "readKey correctly reads a private key"() {
- given:
- def privateKeyString = Files.readString(Path.of("..", "mock_credentials", "trusted-intermediary-private-key-local.pem"))
-
- when:
- def key = JjwtEngine.getInstance().readKey(privateKeyString)
-
- then:
- key != null
- }
-
- def "readKey correctly reads a public key"() {
- given:
- def publicKeyString = Files.readString(Path.of("..", "mock_credentials", "trusted-intermediary-public-key-local.pem"))
-
- when:
- def key = JjwtEngine.getInstance().readKey(publicKeyString)
-
- then:
- key != null
- }
 }