spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactor extracting methods to improve readability. 

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
This commit is contained in:
Max Lambrecht 2020-06-23 12:46:11 -03:00
parent 5221f838eb
commit cbca3a1ec2
2 changed files with 57 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
View File

@ -107,16 +107,10 @@ public class JwtSvid {
throw new IllegalArgumentException("Token cannot be blank");
}
final SignedJWT signedJwt;
final JWTClaimsSet claimsSet;
try {
signedJwt = SignedJWT.parse(token);
claimsSet = signedJwt.getJWTClaimsSet();
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT token", e);
}
val signedJwt = getSignedJWT(token);
val claimsSet = getJwtClaimsSet(signedJwt);
Set<String> claimAudience = new HashSet<>(claimsSet.getAudience());
val claimAudience = new HashSet<>(claimsSet.getAudience());
validateAudience(claimAudience, audience);
val expirationTime = claimsSet.getExpirationTime();
@ -152,16 +146,10 @@ public class JwtSvid {
throw new IllegalArgumentException("Token cannot be blank");
}
final SignedJWT signedJwt;
final JWTClaimsSet claimsSet;
try {
signedJwt = SignedJWT.parse(token);
claimsSet = signedJwt.getJWTClaimsSet();
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT token", e);
}
val signedJwt = getSignedJWT(token);
val claimsSet = getJwtClaimsSet(signedJwt);
Set<String> claimAudience = new HashSet<>(claimsSet.getAudience());
val claimAudience = new HashSet<>(claimsSet.getAudience());
validateAudience(claimAudience, audience);
val expirationTime = claimsSet.getExpirationTime();
@ -186,10 +174,29 @@ public class JwtSvid {
* @return a copy of the expiration date time of the JWT SVID.
*/
public Date getExpiry() {
// defensive copying to prevent exposing a mutable object
// defensive copy to prevent exposing a mutable object
return new Date(expiry.getTime());
}
private static JWTClaimsSet getJwtClaimsSet(final SignedJWT signedJwt) {
final JWTClaimsSet claimsSet;
try {
claimsSet = signedJwt.getJWTClaimsSet();
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT token", e);
}
return claimsSet;
}
private static SignedJWT getSignedJWT(final String token) {
final SignedJWT signedJwt;
try {
signedJwt = SignedJWT.parse(token);
} catch (ParseException e) {
throw new IllegalArgumentException("Unable to parse JWT token", e);
}
return signedJwt;
}
private static void verifySignature(final SignedJWT signedJwt, final PublicKey jwtAuthority, final String algorithm, final String keyId) throws JwtSvidException {
boolean verify;

49
java-spiffe-core/src/main/java/io/spiffe/svid/x509svid/X509Svid.java
View File

@ -120,14 +120,32 @@ public class X509Svid {
}
private static X509Svid createX509Svid(final byte[] certsBytes, final byte[] privateKeyBytes, KeyFileFormat keyFileFormat) throws X509SvidException {
List<X509Certificate> x509Certificates = generateX509Certificates(certsBytes);
PrivateKey privateKey = generatePrivateKey(privateKeyBytes, keyFileFormat, x509Certificates);
SpiffeId spiffeId = getSpiffeId(x509Certificates);
List<X509Certificate> x509Certificates;
try {
x509Certificates = CertificateUtils.generateCertificates(certsBytes);
} catch (CertificateParsingException e) {
throw new X509SvidException("Certificate could not be parsed from cert bytes", e);
validatePrivateKey(privateKey, x509Certificates);
validateLeafCertificate(x509Certificates.get(0));
// there is intermediate CA certificates
if (x509Certificates.size() > 1) {
validateSigningCertificates(x509Certificates);
}
return new X509Svid(spiffeId, x509Certificates, privateKey);
}
private static SpiffeId getSpiffeId(final List<X509Certificate> x509Certificates) throws X509SvidException {
SpiffeId spiffeId;
try {
spiffeId = CertificateUtils.getSpiffeId(x509Certificates.get(0));
} catch (CertificateException e) {
throw new X509SvidException(e.getMessage(), e);
}
return spiffeId;
}
private static PrivateKey generatePrivateKey(final byte[] privateKeyBytes, final KeyFileFormat keyFileFormat, final List<X509Certificate> x509Certificates) throws X509SvidException {
PrivateKeyAlgorithm algorithm = PrivateKeyAlgorithm.parse(x509Certificates.get(0).getPublicKey().getAlgorithm());
PrivateKey privateKey;
try {
@ -135,22 +153,17 @@ public class X509Svid {
} catch (InvalidKeySpecException | InvalidKeyException | NoSuchAlgorithmException e) {
throw new X509SvidException("Private Key could not be parsed from key bytes", e);
}
return privateKey;
}
SpiffeId spiffeId;
private static List<X509Certificate> generateX509Certificates(final byte[] certsBytes) throws X509SvidException {
final List<X509Certificate> x509Certificates;
try {
spiffeId = CertificateUtils.getSpiffeId(x509Certificates.get(0));
} catch (CertificateException e) {
throw new X509SvidException(e.getMessage(), e);
x509Certificates = CertificateUtils.generateCertificates(certsBytes);
} catch (CertificateParsingException e) {
throw new X509SvidException("Certificate could not be parsed from cert bytes", e);
}
validatePrivateKey(privateKey, x509Certificates);
validateLeafCertificate(x509Certificates.get(0));
if (x509Certificates.size() > 1) {
validateSigningCertificates(x509Certificates);
}
return new X509Svid(spiffeId, x509Certificates, privateKey);
return x509Certificates;
}
private static void validateSigningCertificates(final List<X509Certificate> certificates) throws X509SvidException {