refactor Algorithm to accept both keys

Author: lbalmaceda

lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java

@@ -4,12 +4,14 @@
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 
 import java.io.UnsupportedEncodingException;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.RSAKey;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.*;
 
 /**
  * The Algorithm class represents an algorithm to be used in the Signing or Verification process of a Token.
  */
+@SuppressWarnings("WeakerAccess")
 public abstract class Algorithm {
 
     private final String name;
@@ -21,9 +23,13 @@ public abstract class Algorithm {
      * @param key the key to use in the verify or signing instance.
      * @return a valid RSA256 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #RSA256(RSAPublicKey, RSAPrivateKey)}
      */
+    @Deprecated
     public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException {
-        return new RSAAlgorithm("RS256", "SHA256withRSA", key);
+        RSAPublicKey publicKey = key instanceof PublicKey ? (RSAPublicKey) key : null;
+        RSAPrivateKey privateKey = key instanceof PrivateKey ? (RSAPrivateKey) key : null;
+        return RSA256(publicKey, privateKey);
     }
 
     /**
@@ -32,9 +38,13 @@ public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException {
      * @param key the key to use in the verify or signing instance.
      * @return a valid RSA384 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #RSA384(RSAPublicKey, RSAPrivateKey)}
      */
+    @Deprecated
     public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException {
-        return new RSAAlgorithm("RS384", "SHA384withRSA", key);
+        RSAPublicKey publicKey = key instanceof PublicKey ? (RSAPublicKey) key : null;
+        RSAPrivateKey privateKey = key instanceof PrivateKey ? (RSAPrivateKey) key : null;
+        return RSA384(publicKey, privateKey);
     }
 
     /**
@@ -43,9 +53,49 @@ public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException {
      * @param key the key to use in the verify or signing instance.
      * @return a valid RSA512 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #RSA512(RSAPublicKey, RSAPrivateKey)}
      */
+    @Deprecated
     public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException {
-        return new RSAAlgorithm("RS512", "SHA512withRSA", key);
+        RSAPublicKey publicKey = key instanceof PublicKey ? (RSAPublicKey) key : null;
+        RSAPrivateKey privateKey = key instanceof PrivateKey ? (RSAPrivateKey) key : null;
+        return RSA512(publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid RSA256 Algorithm.
+     * @throws IllegalArgumentException if both provided Keys are null.
+     */
+    public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException {
+        return new RSAAlgorithm("RS256", "SHA256withRSA", publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid RSA384 Algorithm.
+     * @throws IllegalArgumentException if both provided Keys are null.
+     */
+    public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException {
+        return new RSAAlgorithm("RS384", "SHA384withRSA", publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid RSA512 Algorithm.
+     * @throws IllegalArgumentException if both provided Keys are null.
+     */
+    public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException {
+        return new RSAAlgorithm("RS512", "SHA512withRSA", publicKey, privateKey);
     }
 
     /**
@@ -123,9 +173,13 @@ public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException {
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA256 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)}
      */
+    @Deprecated
     public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException {
-        return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, key);
+        ECPublicKey publicKey = key instanceof PublicKey ? (ECPublicKey) key : null;
+        ECPrivateKey privateKey = key instanceof PrivateKey ? (ECPrivateKey) key : null;
+        return ECDSA256(publicKey, privateKey);
     }
 
     /**
@@ -134,9 +188,13 @@ public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException {
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA384 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)}
      */
+    @Deprecated
     public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException {
-        return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, key);
+        ECPublicKey publicKey = key instanceof PublicKey ? (ECPublicKey) key : null;
+        ECPrivateKey privateKey = key instanceof PrivateKey ? (ECPrivateKey) key : null;
+        return ECDSA384(publicKey, privateKey);
     }
 
     /**
@@ -145,9 +203,49 @@ public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException {
      * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA512 Algorithm.
      * @throws IllegalArgumentException if the provided Key is null.
+     * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)}
      */
+    @Deprecated
     public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException {
-        return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, key);
+        ECPublicKey publicKey = key instanceof PublicKey ? (ECPublicKey) key : null;
+        ECPrivateKey privateKey = key instanceof PrivateKey ? (ECPrivateKey) key : null;
+        return ECDSA512(publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid ECDSA256 Algorithm.
+     * @throws IllegalArgumentException if the provided Key is null.
+     */
+    public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException {
+        return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid ECDSA384 Algorithm.
+     * @throws IllegalArgumentException if the provided Key is null.
+     */
+    public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException {
+        return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, publicKey, privateKey);
+    }
+
+    /**
+     * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
+     *
+     * @param publicKey  the key to use in the verify instance.
+     * @param privateKey the key to use in the signing instance.
+     * @return a valid ECDSA512 Algorithm.
+     * @throws IllegalArgumentException if the provided Key is null.
+     */
+    public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException {
+        return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, publicKey, privateKey);
     }
 
     public static Algorithm none() {

lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java

@@ -5,46 +5,51 @@
 
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
 import java.security.SignatureException;
-import java.security.interfaces.ECKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 
 class ECDSAAlgorithm extends Algorithm {
 
+    private final ECPublicKey publicKey;
+    private final ECPrivateKey privateKey;
     private final CryptoHelper crypto;
     private final int ecNumberSize;
-    private final ECKey key;
 
-    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECKey key) throws IllegalArgumentException {
+    //Visible for testing
+    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException {
         super(id, algorithm);
-        if (key == null) {
-            throw new IllegalArgumentException("The ECKey cannot be null");
+        if (publicKey == null && privateKey == null) {
+            throw new IllegalArgumentException("Both provided Keys cannot be null.");
         }
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
         this.ecNumberSize = ecNumberSize;
-        this.key = key;
         this.crypto = crypto;
     }
 
-    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECKey key) throws IllegalArgumentException {
-        this(new CryptoHelper(), id, algorithm, ecNumberSize, key);
+    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException {
+        this(new CryptoHelper(), id, algorithm, ecNumberSize, publicKey, privateKey);
     }
 
-    ECKey getKey() {
-        return key;
+    ECPublicKey getPublicKey() {
+        return publicKey;
+    }
+
+    ECPrivateKey getPrivateKey() {
+        return privateKey;
     }
 
     @Override
     public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         try {
-            if (!(key instanceof ECPublicKey)) {
-                throw new IllegalArgumentException("The given ECKey is not an ECPublicKey.");
+            if (publicKey == null) {
+                throw new IllegalArgumentException("The given Public Key is null.");
             }
             if (!isDERSignature(signatureBytes)) {
                 signatureBytes = JOSEToDER(signatureBytes);
             }
-            boolean valid = crypto.verifySignatureFor(getDescription(), (ECPublicKey) key, contentBytes, signatureBytes);
+            boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, contentBytes, signatureBytes);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -57,10 +62,10 @@ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureV
     @Override
     public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
-            if (!(key instanceof ECPrivateKey)) {
-                throw new IllegalArgumentException("The given ECKey is not a ECPrivateKey.");
+            if (privateKey == null) {
+                throw new IllegalArgumentException("The given Private Key is null.");
             }
-            return crypto.createSignatureFor(getDescription(), (PrivateKey) key, contentBytes);
+            return crypto.createSignatureFor(getDescription(), privateKey, contentBytes);
         } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
             throw new SignatureGenerationException(this, e);
         }

lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java

@@ -3,40 +3,48 @@
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 
-import java.security.*;
-import java.security.interfaces.RSAKey;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
 class RSAAlgorithm extends Algorithm {
 
-    private final RSAKey key;
+    private final RSAPublicKey publicKey;
+    private final RSAPrivateKey privateKey;
     private final CryptoHelper crypto;
 
-    RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAKey key) throws IllegalArgumentException {
+    //Visible for testing
+    RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException {
         super(id, algorithm);
-        if (key == null) {
-            throw new IllegalArgumentException("The RSAKey cannot be null");
+        if (publicKey == null && privateKey == null) {
+            throw new IllegalArgumentException("Both provided Keys cannot be null.");
         }
-        this.key = key;
+        this.publicKey = publicKey;
+        this.privateKey = privateKey;
         this.crypto = crypto;
     }
 
-    RSAAlgorithm(String id, String algorithm, RSAKey key) throws IllegalArgumentException {
-        this(new CryptoHelper(), id, algorithm, key);
+    RSAAlgorithm(String id, String algorithm, RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException {
+        this(new CryptoHelper(), id, algorithm, publicKey, privateKey);
     }
 
-    RSAKey getKey() {
-        return key;
+    RSAPublicKey getPublicKey() {
+        return publicKey;
+    }
+
+    RSAPrivateKey getPrivateKey() {
+        return privateKey;
     }
 
     @Override
     public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         try {
-            if (!(key instanceof PublicKey)) {
-                throw new IllegalArgumentException("The given RSAKey is not a RSAPublicKey.");
+            if (publicKey == null) {
+                throw new IllegalArgumentException("The given Public Key is null.");
             }
-            boolean valid = crypto.verifySignatureFor(getDescription(), (RSAPublicKey) key, contentBytes, signatureBytes);
+            boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, contentBytes, signatureBytes);
             if (!valid) {
                 throw new SignatureVerificationException(this);
             }
@@ -48,10 +56,10 @@ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureV
     @Override
     public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
-            if (!(key instanceof PrivateKey)) {
-                throw new IllegalArgumentException("The given RSAKey is not a RSAPrivateKey.");
+            if (privateKey == null) {
+                throw new IllegalArgumentException("The given Private Key is null.");
             }
-            return crypto.createSignatureFor(getDescription(), (RSAPrivateKey) key, contentBytes);
+            return crypto.createSignatureFor(getDescription(), privateKey, contentBytes);
         } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
             throw new SignatureGenerationException(this, e);
         }