From cbca3a1ec29552e2f3dd6e4ed337ae9373434165 Mon Sep 17 00:00:00 2001
From: Max Lambrecht
Date: Tue, 23 Jun 2020 12:46:11 -0300
Subject: [PATCH] Refactor extracting methods to improve readability.

Signed-off-by: Max Lambrecht
---
 .../java/io/spiffe/svid/jwtsvid/JwtSvid.java | 45 ++++++++++-------
 .../io/spiffe/svid/x509svid/X509Svid.java | 49 ++++++++++++-------
 2 files changed, 57 insertions(+), 37 deletions(-)

diff --git a/java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java b/java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
index 8ae3528..23b85e7 100644
--- a/java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
+++ b/java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
@@ -107,16 +107,10 @@ public class JwtSvid {
             throw new IllegalArgumentException("Token cannot be blank");
         }
 
-        final SignedJWT signedJwt;
-        final JWTClaimsSet claimsSet;
-        try {
-            signedJwt = SignedJWT.parse(token);
-            claimsSet = signedJwt.getJWTClaimsSet();
-        } catch (ParseException e) {
-            throw new IllegalArgumentException("Unable to parse JWT token", e);
-        }
+        val signedJwt = getSignedJWT(token);
+        val claimsSet = getJwtClaimsSet(signedJwt);
 
-        Set claimAudience = new HashSet<>(claimsSet.getAudience());
+        val claimAudience = new HashSet<>(claimsSet.getAudience());
         validateAudience(claimAudience, audience);
 
         val expirationTime = claimsSet.getExpirationTime();
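Review bot: The prologue from the blank-token check down to `val expirationTime = claimsSet.getExpirationTime();` is now line-for-line identical to the one in the `@@ -152,16 +146,10 @@` hunk, so the extraction stops one step short: both methods still repeat the parse-then-check-audience sequence. A single private helper such as `private static JWTClaimsSet parseAndCheckAudience(final String token, final Set<String> audience)` that calls `getSignedJWT`, `getJwtClaimsSet` and `validateAudience` would remove that duplication, unless one of the callers needs the `SignedJWT` itself for a later step (for example signature verification), which this hunk does not show. The enclosing method begins before this hunk and continues after it.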
@@ -152,16 +146,10 @@ public class JwtSvid {
             throw new IllegalArgumentException("Token cannot be blank");
         }
 
-        final SignedJWT signedJwt;
-        final JWTClaimsSet claimsSet;
-        try {
-            signedJwt = SignedJWT.parse(token);
-            claimsSet = signedJwt.getJWTClaimsSet();
-        } catch (ParseException e) {
-            throw new IllegalArgumentException("Unable to parse JWT token", e);
-        }
+        val signedJwt = getSignedJWT(token);
+        val claimsSet = getJwtClaimsSet(signedJwt);
 
-        Set claimAudience = new HashSet<>(claimsSet.getAudience());
+        val claimAudience = new HashSet<>(claimsSet.getAudience());
         validateAudience(claimAudience, audience);
 
         val expirationTime = claimsSet.getExpirationTime();
@@ -186,10 +174,29 @@ public class JwtSvid {
      * @return a copy of the expiration date time of the JWT SVID.
      */
     public Date getExpiry() {
-        // defensive copying to prevent exposing a mutable object
+        // defensive copy to prevent exposing a mutable object
         return new Date(expiry.getTime());
     }
 
+    private static JWTClaimsSet getJwtClaimsSet(final SignedJWT signedJwt) {
+        final JWTClaimsSet claimsSet;
+        try {
+            claimsSet = signedJwt.getJWTClaimsSet();
+        } catch (ParseException e) {
+            throw new IllegalArgumentException("Unable to parse JWT token", e);
+        }
+        return claimsSet;
+    }
+
+    private static SignedJWT getSignedJWT(final String token) {
+        final SignedJWT signedJwt;
+        try {
+            signedJwt = SignedJWT.parse(token);
+        } catch (ParseException e) {
+            throw new IllegalArgumentException("Unable to parse JWT token", e);
+        }
+        return signedJwt;
+    }
     private static void verifySignature(final SignedJWT signedJwt, final PublicKey jwtAuthority, final String algorithm, final String keyId) throws JwtSvidException {
         boolean verify;
diff --git a/java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java b/java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java
index 10ee1bc..ccd3bd1 100644
--- a/java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java
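Review bot: The closing `}` of the new `getSignedJWT` is immediately followed by `private static void verifySignature(...)` with no blank line between the two methods, unlike every other method boundary in this hunk; add the blank line. The two helpers also disagree on acronym casing, `getSignedJWT` against `getJwtClaimsSet` and the class name `JwtSvid`, so `getSignedJwt` would match the file's own convention (the two call sites in the earlier hunks change with it). Both helpers can additionally drop the `final` local and return from inside the `try`, e.g. `try { return SignedJWT.parse(token); } catch (ParseException e) { throw new IllegalArgumentException("Unable to parse JWT token", e); }`, which is three lines shorter without changing behaviour.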
+++ b/java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java
@@ -120,14 +120,32 @@ public class X509Svid {
     }
 
     private static X509Svid createX509Svid(final byte[] certsBytes, final byte[] privateKeyBytes, KeyFileFormat keyFileFormat) throws X509SvidException {
+        List x509Certificates = generateX509Certificates(certsBytes);
+        PrivateKey privateKey = generatePrivateKey(privateKeyBytes, keyFileFormat, x509Certificates);
+        SpiffeId spiffeId = getSpiffeId(x509Certificates);
 
-        List x509Certificates;
-        try {
-            x509Certificates = CertificateUtils.generateCertificates(certsBytes);
-        } catch (CertificateParsingException e) {
-            throw new X509SvidException("Certificate could not be parsed from cert bytes", e);
+        validatePrivateKey(privateKey, x509Certificates);
+        validateLeafCertificate(x509Certificates.get(0));
+
+        // there is intermediate CA certificates
+        if (x509Certificates.size() > 1) {
+            validateSigningCertificates(x509Certificates);
         }
+        return new X509Svid(spiffeId, x509Certificates, privateKey);
+    }
+
+    private static SpiffeId getSpiffeId(final List x509Certificates) throws X509SvidException {
+        SpiffeId spiffeId;
+        try {
+            spiffeId = CertificateUtils.getSpiffeId(x509Certificates.get(0));
+        } catch (CertificateException e) {
+            throw new X509SvidException(e.getMessage(), e);
+        }
+        return spiffeId;
+    }
+
+    private static PrivateKey generatePrivateKey(final byte[] privateKeyBytes, final KeyFileFormat keyFileFormat, final List x509Certificates) throws X509SvidException {
         PrivateKeyAlgorithm algorithm = PrivateKeyAlgorithm.parse(x509Certificates.get(0).getPublicKey().getAlgorithm());
         PrivateKey privateKey;
         try {
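Review bot: `getSpiffeId` and `generatePrivateKey` each take the whole `x509Certificates` list but read only `x509Certificates.get(0)`, so the dependency on the leaf certificate is hidden behind a list parameter and `get(0)` is repeated three times in this hunk. Passing the leaf explicitly, `getSpiffeId(x509Certificates.get(0))` with a `final X509Certificate leaf` parameter and the same for `generatePrivateKey`, makes the contract visible at the call site and removes the repeated indexing. The new comment `// there is intermediate CA certificates` is ungrammatical; `// more than one certificate: the chain carries intermediate CA certificates after the leaf` states the condition the `if` tests.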
@@ -135,22 +153,17 @@ public class X509Svid {
         } catch (InvalidKeySpecException | InvalidKeyException | NoSuchAlgorithmException e) {
             throw new X509SvidException("Private Key could not be parsed from key bytes", e);
         }
+        return privateKey;
+    }
 
-        SpiffeId spiffeId;
+    private static List generateX509Certificates(final byte[] certsBytes) throws X509SvidException {
+        final List x509Certificates;
         try {
-            spiffeId = CertificateUtils.getSpiffeId(x509Certificates.get(0));
-        } catch (CertificateException e) {
-            throw new X509SvidException(e.getMessage(), e);
+            x509Certificates = CertificateUtils.generateCertificates(certsBytes);
+        } catch (CertificateParsingException e) {
+            throw new X509SvidException("Certificate could not be parsed from cert bytes", e);
         }
-
-        validatePrivateKey(privateKey, x509Certificates);
-        validateLeafCertificate(x509Certificates.get(0));
-
-        if (x509Certificates.size() > 1) {
-            validateSigningCertificates(x509Certificates);
-        }
-
-        return new X509Svid(spiffeId, x509Certificates, privateKey);
+        return x509Certificates;
     }
 
     private static void validateSigningCertificates(final List certificates) throws X509SvidException {
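Review bot: `generateX509Certificates` returns whatever `CertificateUtils.generateCertificates` produced without checking that the list is non-empty, yet `createX509Svid` and the helpers it calls all index `x509Certificates.get(0)`; if the utility can yield an empty list for input that holds no certificate (its implementation is not visible here), the caller would see an `IndexOutOfBoundsException` instead of the `X509SvidException` this class otherwise throws for unparseable input. A guard before the return keeps the failure mode uniform: `if (x509Certificates.isEmpty()) { throw new X509SvidException("No certificates found in cert bytes"); }` (use the two-argument form with a `null` cause if the class has no message-only constructor). A one-line comment on the helper, `// Parses the certificate chain from certsBytes; callers treat element 0 as the leaf.`, would also record the ordering assumption the rest of the file relies on.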