Adding a timestamp to the RsaKeyPairFactory, to assist in key rotation.
diff --git a/src/main/java/io/mifos/core/lang/security/RsaKeyPairFactory.java b/src/main/java/io/mifos/core/lang/security/RsaKeyPairFactory.java
index effa243..3e9b173 100644
--- a/src/main/java/io/mifos/core/lang/security/RsaKeyPairFactory.java
+++ b/src/main/java/io/mifos/core/lang/security/RsaKeyPairFactory.java
@@ -15,6 +15,8 @@
*/
package io.mifos.core.lang.security;
+import io.mifos.core.lang.DateConverter;
+
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
@@ -25,6 +27,8 @@
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
+import java.time.Clock;
+import java.time.LocalDateTime;
@SuppressWarnings({"WeakerAccess", "unused"})
public final class RsaKeyPairFactory {
@@ -45,26 +49,31 @@
final RSAPrivateKeySpec rsaPrivateKeySpec =
keyFactory.getKeySpec(keyPair.getPrivate(), RSAPrivateKeySpec.class);
+ final String timestamp = DateConverter.toIsoString(LocalDateTime.now(Clock.systemUTC()));
+ final String timestampWithoutNanos = timestamp.substring(0, timestamp.indexOf("."));
+ final String urlSafeTimeStamp = timestampWithoutNanos.replace(':', '_');
final RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(rsaPublicKeySpec);
final RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(rsaPrivateKeySpec);
- return new KeyPairHolder(publicKey, privateKey);
+ return new KeyPairHolder(urlSafeTimeStamp, publicKey, privateKey);
} catch (final NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new IllegalStateException("RSA problem.");
}
}
public static class KeyPairHolder {
-
+ private final String timestamp;
private final RSAPublicKey publicKey;
private final RSAPrivateKey privateKey;
- public KeyPairHolder(final RSAPublicKey publicKey, final RSAPrivateKey privateKey) {
+ public KeyPairHolder(final String timestamp, final RSAPublicKey publicKey, final RSAPrivateKey privateKey) {
super();
+ this.timestamp = timestamp;
this.publicKey = publicKey;
this.privateKey = privateKey;
}
+
public RSAPublicKey publicKey() {
return publicKey;
}
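Review bot: `timestamp.indexOf(".")` returns -1 when the ISO string has no fractional part, and `substring(0, -1)` then throws StringIndexOutOfBoundsException, which the catch below does not cover. Whether `DateConverter.toIsoString` always emits a fraction is not visible in this diff; the standard java.time ISO formatters omit it when the nano field is zero, so the failure may be rare and hard to reproduce. A guard is cheap: `final int dot = timestamp.indexOf('.');` followed by `final String timestampWithoutNanos = dot < 0 ? timestamp : timestamp.substring(0, dot);`. If this value is meant to identify a key version during rotation, second resolution also lets two key pairs created within the same second share a timestamp. createKeyPair begins outside this hunk.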
@@ -73,6 +82,10 @@
return privateKey;
}
+ public String getTimestamp() {
+ return timestamp;
+ }
+
public BigInteger getPublicKeyMod() {
return publicKey.getModulus();
}
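Review bot: `getTimestamp()` has no Javadoc, so callers that compare or parse the value for key rotation cannot tell what format to expect. Going by createKeyPair in this commit, it is a UTC ISO date-time cut to whole seconds with ':' replaced by '_'; a comment such as `/** UTC creation time in ISO format, truncated to seconds, with ':' replaced by '_' for use in URLs. */` would pin that down. The KeyPairHolder constructor is public and stores whatever string it is given, so the comment should also state whether null or other formats are permitted.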
@@ -89,4 +102,4 @@
return privateKey.getPrivateExponent();
}
}
-}
+}
\ No newline at end of file
diff --git a/src/test/java/io/mifos/core/lang/security/RsaKeyPairFactoryTest.java b/src/test/java/io/mifos/core/lang/security/RsaKeyPairFactoryTest.java
index 9626f08..f8aedb1 100644
--- a/src/test/java/io/mifos/core/lang/security/RsaKeyPairFactoryTest.java
+++ b/src/test/java/io/mifos/core/lang/security/RsaKeyPairFactoryTest.java
@@ -28,6 +28,7 @@
public void shouldCreateRsaKeys() throws Exception {
final RsaKeyPairFactory.KeyPairHolder keyPairHolder = RsaKeyPairFactory.createKeyPair();
Assert.assertNotNull(keyPairHolder);
+ Assert.assertNotNull(keyPairHolder.getTimestamp());
Assert.assertNotNull(keyPairHolder.publicKey());
Assert.assertNotNull(keyPairHolder.privateKey());
}
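Review bot: The added assertion only checks that the timestamp is non-null, so a regression in its format would pass unnoticed. Since the factory builds the value to be URL safe and free of nanoseconds, the test should assert that as well, e.g. `Assert.assertFalse(keyPairHolder.getTimestamp().contains(":"));` and `Assert.assertFalse(keyPairHolder.getTimestamp().contains("."));`. The test class continues outside this hunk.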