Settings: Remove overloading of publicKeyFor & privateKeyFor

@bryophyta pointed out that there were two public definitions of `publicKeyFor` & `privateKeyFor` in `CryptoConf.SettingsReader`: #151 (comment) The versions that accept `Array[Byte]` rather than `String` were for internal use only, and in the end I decided to inline them, with a bit of a change to the `keyFor()` helper method to make the two invocations more concise.
guardian · Aug 9, 2024 · 4c87946 · 4c87946
1 parent 412c1d6
commit 4c87946
Showing 1 changed file with 13 additions and 12 deletions.
diff --git a/pan-domain-auth-verification/src/main/scala/com/gu/pandomainauth/service/CryptoConf.scala b/pan-domain-auth-verification/src/main/scala/com/gu/pandomainauth/service/CryptoConf.scala
@@ -6,12 +6,10 @@ import com.gu.pandomainauth.service.CryptoConf.SettingsReader.{privateKeyFor, pu
 import com.gu.pandomainauth.{InvalidBase64, MissingSetting, PublicKeyFormatFailure}
 import org.apache.commons.codec.binary.Base64.{decodeBase64, isBase64}
 
-import java.security.spec.{InvalidKeySpecException, PKCS8EncodedKeySpec, X509EncodedKeySpec}
-import java.security.{PrivateKey, PublicKey}
+import java.security.spec.{InvalidKeySpecException, KeySpec, PKCS8EncodedKeySpec, X509EncodedKeySpec}
+import java.security.{KeyFactory, PrivateKey, PublicKey}
 import scala.util.Try
 
-
-
 object CryptoConf {
   case class SettingsReader(settingMap: Map[String,String]) {
     def setting(key: String): SettingsResult[String] = settingMap.get(key).toRight(MissingSetting(key))
@@ -25,20 +23,23 @@ object CryptoConf {
   }
 
   object SettingsReader {
-    def publicKeyFor(data: Array[Byte]) = keyFactory.generatePublic(new X509EncodedKeySpec(data))
-    def privateKeyFor(data: Array[Byte]) = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(data))
-
-    def bytesFromBase64(base64Encoded: String): SettingsResult[Array[Byte]] =
+    private def bytesFromBase64(base64Encoded: String): SettingsResult[Array[Byte]] =
       Either.cond(isBase64(base64Encoded), decodeBase64(base64Encoded), InvalidBase64)
 
-    private def keyFor[A](keyConstructor: Array[Byte] => A, base64EncodedKey: String): SettingsResult[A] = for {
+    private def keyFor[A](
+      base64EncodedKey: String,
+      keySpecFor: Array[Byte] => KeySpec,
+      keyForSpec: KeyFactory => KeySpec => A
+    ): SettingsResult[A] = for {
       bytes <- bytesFromBase64(base64EncodedKey)
-      key <- Try(keyConstructor(bytes)).map(Right(_)).recover {
+      key <- Try(keyForSpec(keyFactory)(keySpecFor(bytes))).map(Right(_)).recover {
         case _: InvalidKeySpecException => Left(PublicKeyFormatFailure)
       }.get
     } yield key
 
-    def publicKeyFor(base64EncodedKey: String): SettingsResult[PublicKey] = keyFor(publicKeyFor, base64EncodedKey)
-    def privateKeyFor(base64EncodedKey: String): SettingsResult[PrivateKey] = keyFor(privateKeyFor, base64EncodedKey)
+    def publicKeyFor(base64Key: String): SettingsResult[PublicKey] =
+      keyFor(base64Key, new X509EncodedKeySpec(_), _.generatePublic)
+    def privateKeyFor(base64Key: String): SettingsResult[PrivateKey] =
+      keyFor(base64Key, new PKCS8EncodedKeySpec(_), _.generatePrivate)
   }
 }