replace bouncycastle with native java security in JWTUtils to read keys

virtualcell · May 16, 2024 · cc40b37 · cc40b37
1 parent 2c8aab3
commit cc40b37
Showing 1 changed file with 15 additions and 23 deletions.
diff --git a/vcell-server/src/main/java/org/vcell/auth/JWTUtils.java b/vcell-server/src/main/java/org/vcell/auth/JWTUtils.java
@@ -3,11 +3,6 @@
 import cbit.vcell.resource.PropertyLoader;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.jose4j.jwa.AlgorithmConstraints;
 import org.jose4j.jwk.RsaJsonWebKey;
 import org.jose4j.jwk.RsaJwkGenerator;
@@ -23,11 +18,17 @@
 import org.jose4j.lang.JoseException;
 import org.vcell.util.document.User;
 
-import java.io.FileReader;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -62,24 +63,15 @@ synchronized static void createRsaJsonWebKeyIfNeeded() throws JoseException {
         }
         try {
             // Read public key from file
-            FileReader reader = new FileReader(publicKeyFilePath);
-            PEMParser pemParser = new PEMParser(reader);
-            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
-            PublicKey publicKey = converter.getPublicKey((org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) pemParser.readObject());
+            byte[] publicKeyBytes = Files.readAllBytes(Paths.get(publicKeyFilePath));
+            X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(publicKeyBytes);
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            PublicKey publicKey = keyFactory.generatePublic(publicSpec);
 
             // Read private key from file
-            reader = new FileReader(privateKeyFilePath);
-            pemParser = new PEMParser(reader);
-            Object keyPairObject = pemParser.readObject();
-            final PrivateKeyInfo privateKeyInfo;
-            if (keyPairObject instanceof PEMKeyPair pemKeyPair) {
-                privateKeyInfo = pemKeyPair.getPrivateKeyInfo();
-            } else if (keyPairObject instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo pkcsPrivateKeyInfo) {
-                privateKeyInfo = pkcsPrivateKeyInfo;
-            } else {
-                throw new RuntimeException("Error reading private key file");
-            }
-            PrivateKey privateKey = converter.getPrivateKey(privateKeyInfo);
+            byte[] privateKeyBytes = Files.readAllBytes(Paths.get(privateKeyFilePath));
+            PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(privateKeyBytes);
+            PrivateKey privateKey = keyFactory.generatePrivate(privateSpec);
 
             // Create RsaJsonWebKey
             RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey((java.security.interfaces.RSAPublicKey) publicKey);
@@ -88,7 +80,7 @@ synchronized static void createRsaJsonWebKeyIfNeeded() throws JoseException {
             rsaJsonWebKey.setKeyId("k1");
 
             JWTUtils.rsaJsonWebKey = rsaJsonWebKey;
-        } catch (IOException e) {
+        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
             throw new RuntimeException("Error reading public/private key files", e);
         }
     }