Generalize CertificateWithPrivateKey

Author: uncleyo

src/main/java/com/scalepoint/oauth_token_client/CertificateUtil.java

@@ -5,14 +5,15 @@
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
 final class CertificateUtil {
-    public static String getThumbprint(Certificate certificate) {
+    static String getThumbprint(Certificate certificate) {
         byte[] der;
         try {
             der = certificate.getEncoded();
@@ -32,14 +33,16 @@ public static String getThumbprint(Certificate certificate) {
         return new Base64UrlCodec().encode(digest);
     }
 
-    public static Boolean checkIfMatch(RSAPrivateKey privateKey, X509Certificate certificate) {
+    static Boolean checkIfMatch(PrivateKey privateKey, X509Certificate certificate) {
+        // Currently, only RSA validation is supported
+        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;
         RSAPublicKey rsaPublicKey = (RSAPublicKey) certificate.getPublicKey();
 
-        return rsaPublicKey.getModulus().equals(privateKey.getModulus())
+        return rsaPublicKey.getModulus().equals(rsaPrivateKey.getModulus())
                 && BigInteger.valueOf(2)
                 .modPow(
                         rsaPublicKey.getPublicExponent()
-                                .multiply(privateKey.getPrivateExponent())
+                                .multiply(rsaPrivateKey.getPrivateExponent())
                                 .subtract(BigInteger.ONE),
                         rsaPublicKey.getModulus())
                 .equals(BigInteger.ONE);

src/main/java/com/scalepoint/oauth_token_client/RSACertificateWithPrivateKey.java renamed to src/main/java/com/scalepoint/oauth_token_client/CertificateWithPrivateKey.java

@@ -1,22 +1,23 @@
 package com.scalepoint.oauth_token_client;
 
+import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
 
 /**
  * Container for RSA private key and its matching X509 certificate
  */
-public class RSACertificateWithPrivateKey {
+@SuppressWarnings("WeakerAccess")
+public class CertificateWithPrivateKey {
     private X509Certificate certificate;
-    private RSAPrivateKey privateKey;
+    private PrivateKey privateKey;
 
     /**
      * Create new container for private key and certificate
      *
      * @param privateKey  Private key
      * @param certificate X509 certificate
      */
-    public RSACertificateWithPrivateKey(RSAPrivateKey privateKey, X509Certificate certificate) {
+    public CertificateWithPrivateKey(PrivateKey privateKey, X509Certificate certificate) {
 
         if (!CertificateUtil.checkIfMatch(privateKey, certificate)) {
             throw new IllegalArgumentException("Certificate does not match private key");
@@ -36,7 +37,7 @@ public X509Certificate getCertificate() {
     /**
      * @return Private key
      */
-    public RSAPrivateKey getPrivateKey() {
+    public PrivateKey getPrivateKey() {
         return privateKey;
     }
 }

src/main/java/com/scalepoint/oauth_token_client/ClientAssertionJwtFactory.java

@@ -14,7 +14,7 @@ class ClientAssertionJwtFactory {
     private final Key key;
     private final String thumbprint;
 
-    public ClientAssertionJwtFactory(String tokenEndpointUri, String clientId, RSACertificateWithPrivateKey keyPair) {
+    public ClientAssertionJwtFactory(String tokenEndpointUri, String clientId, CertificateWithPrivateKey keyPair) {
         this.tokenEndpointUri = tokenEndpointUri;
         this.clientId = clientId;
         this.thumbprint = CertificateUtil.getThumbprint(keyPair.getCertificate());

src/main/java/com/scalepoint/oauth_token_client/JwtBearerClientAssertionCredentials.java

@@ -24,7 +24,7 @@ public class JwtBearerClientAssertionCredentials implements ClientCredentials {
      * @param keyPair          Certificate and private key. Certificate must be signed with SHA256. RSA keys must be 2048 bits long. Certificate must be associated with the client_id on the server.
      */
     @SuppressWarnings("SameParameterValue")
-    public JwtBearerClientAssertionCredentials(String tokenEndpointUri, String clientId, RSACertificateWithPrivateKey keyPair) {
+    public JwtBearerClientAssertionCredentials(String tokenEndpointUri, String clientId, CertificateWithPrivateKey keyPair) {
         this.assertionFactory = new ClientAssertionJwtFactory(tokenEndpointUri, clientId, keyPair);
         this.credentialThumbprint = DigestUtils.sha1Hex(
                 tokenEndpointUri

src/test/java/com/scalepoint/oauth_token_client/ClientAssertionJwtFactoryTest.java

@@ -20,7 +20,7 @@ public class ClientAssertionJwtFactoryTest {
 
     @BeforeClass
     public void init() {
-        RSACertificateWithPrivateKey keyPair = TestCertificateHelper.load();
+        CertificateWithPrivateKey keyPair = TestCertificateHelper.load();
         thumbprint = CertificateUtil.getThumbprint(keyPair.getCertificate());
         ClientAssertionJwtFactory factory = new ClientAssertionJwtFactory(TOKEN_ENDPOINT_URI, CLIENT_ID, keyPair);
         String tokenString = factory.CreateAssertionToken();

src/test/java/com/scalepoint/oauth_token_client/TestCertificateHelper.java

@@ -13,7 +13,7 @@
 
 class TestCertificateHelper {
 
-    public static RSACertificateWithPrivateKey load() {
+    public static CertificateWithPrivateKey load() {
         try {
             Properties config = new Properties();
             config.load(new FileInputStream("config.properties"));
@@ -23,12 +23,12 @@ public static RSACertificateWithPrivateKey load() {
         }
     }
 
-    private static RSACertificateWithPrivateKey getKeyPair(String keyStoreFileName, String keyStorePassword) throws KeyStoreException, IOException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException {
+    private static CertificateWithPrivateKey getKeyPair(String keyStoreFileName, String keyStorePassword) throws KeyStoreException, IOException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException {
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); // or KeyStore.getInstance("pkcs12", "SunJSSE") to load .pfx
         keyStore.load(new FileInputStream(keyStoreFileName), null);
         String a = keyStore.aliases().nextElement();
         RSAPrivateKey privateKey = (RSAPrivateKey) keyStore.getKey(a, keyStorePassword.toCharArray());
         X509Certificate certificate = (X509Certificate) keyStore.getCertificate(a);
-        return new RSACertificateWithPrivateKey(privateKey, certificate);
+        return new CertificateWithPrivateKey(privateKey, certificate);
     }
 }

src/test/java/com/scalepoint/oauth_token_client/ValidClientAssertionExpectationCallback.java

@@ -13,7 +13,7 @@ protected boolean isValid(HashMap<String, String> params) {
         if (!params.get("client_assertion_type").equals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"))
             return false;
 
-        RSACertificateWithPrivateKey keyPair = TestCertificateHelper.load();
+        CertificateWithPrivateKey keyPair = TestCertificateHelper.load();
         Jwts.parser().setSigningKey(keyPair.getPrivateKey()).parseClaimsJws(params.get("client_assertion"));
 
         return true;

src/test/java/com/scalepoint/oauth_token_client/ValidResourceScopedAccessRequestCallback.java

@@ -13,7 +13,7 @@ protected boolean isValid(HashMap<String, String> params) {
         if (!params.get("client_assertion_type").equals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer"))
             return false;
 
-        RSACertificateWithPrivateKey keyPair = TestCertificateHelper.load();
+        CertificateWithPrivateKey keyPair = TestCertificateHelper.load();
         Jwts.parser().setSigningKey(keyPair.getPrivateKey()).parseClaimsJws(params.get("client_assertion"));
 
         if (!params.get("resource").equals("resource")) return false;