@@ -285,19 +285,17 @@ public static PrivateKey privateKeyFromPkcs8(String privateKeyPkcs8) throws IOEx
285285 /**
286286 * Reads a private key from a PKCS#8 or SEC1 encoded string.
287287 *
288- * <p>If the key is labeled with "-----BEGIN PRIVATE KEY-----", it is parsed as PKCS#8
289- * as per RFC 7468 Section 10.
290- * If it fails and the algorithm is EC, it attempts to read with "-----BEGIN EC PRIVATE KEY-----"
291- * as per RFC 5915 Section 3, which indicates SEC1 format.
288+ * <p>If the key is labeled with "-----BEGIN PRIVATE KEY-----", it is parsed as PKCS#8 as per RFC
289+ * 7468 Section 10. If it fails and the algorithm is EC, it attempts to read with "-----BEGIN EC
290+ * PRIVATE KEY-----" as per RFC 5915 Section 3, which indicates SEC1 format.
292291 *
293292 * @see <a href="https://datatracker.ietf.org/doc/html/rfc7468#section-10">RFC 7468 Section 10</a>
294293 * @see <a href="https://datatracker.ietf.org/doc/html/rfc5915#section-3">RFC 5915 Section 3</a>
295- *
296294 * @param privateKeyPkcs8 base64 encoded private key string
297295 * @param algorithm expected algorithm of the private key
298296 * @return the private key.
299- * @throws IOException if the private key data is invalid or if an unexpected exception occurs during
300- * key creation.
297+ * @throws IOException if the private key data is invalid or if an unexpected exception occurs
298+ * during key creation.
301299 */
302300 public static PrivateKey privateKeyFromPkcs8 (String privateKeyPkcs8 , Pkcs8Algorithm algorithm )
303301 throws IOException {
@@ -325,22 +323,22 @@ public static PrivateKey privateKeyFromPkcs8(String privateKeyPkcs8, Pkcs8Algori
325323 throw new IOException ("Unexpected exception reading PKCS#8 data" , unexpectedException );
326324 }
327325
328-
329326 /**
330327 * Parses an EC private key in SEC1 format using fixed prefix verification.
331328 *
332- * <p>This function assumes that standard SEC1 keys for P-256 generated by OpenSSL have a
333- * known, stable structure of bytes at the beginning. This "fingerprint" allows us to verify
334- * the format without complete ASN.1 parsing.
335- * If the fingerprint matches, we can safely extract the private key value using fixed offsets.
329+ * <p>This function assumes that standard SEC1 keys for P-256 generated by OpenSSL have a known,
330+ * stable structure of bytes at the beginning. This "fingerprint" allows us to verify the format
331+ * without complete ASN.1 parsing. If the fingerprint matches, we can safely extract the private
332+ * key value using fixed offsets.
336333 *
337334 * @param bytes The raw bytes of the SEC1 key.
338335 * @return The PrivateKey object.
339336 * @throws GoogleAuthException If parsing fails or the key format is unsupported.
340337 */
341338 private static PrivateKey privateKeyFromSec1 (byte [] bytes ) throws IOException {
342339 if (!hasStandardSec1P256Prefix (bytes )) {
343- throw new GoogleAuthException (false , 0 , "Unsupported SEC1 key format: standard prefix not found." , null );
340+ throw new GoogleAuthException (
341+ false , 0 , "Unsupported SEC1 key format: standard prefix not found." , null );
344342 }
345343 BigInteger s = extractPrivateKeyValue (bytes );
346344 return createEcPrivateKey (s );
@@ -349,25 +347,29 @@ private static PrivateKey privateKeyFromSec1(byte[] bytes) throws IOException {
349347 /**
350348 * Verifies if the bytes start with the standard SEC1 P-256 prefix.
351349 *
352- * <p>The prefix is derived from the standard DER encoding of the ECPrivateKey structure
353- * defined in RFC 5915 Section 3.
354- * For P-256 with named curve parameters and public key included, the prefix is stable:
355- * <code>[0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20]</code>
350+ * <p>The prefix is derived from the standard DER encoding of the ECPrivateKey structure defined
351+ * in RFC 5915 Section 3. For P-256 with named curve parameters and public key included, the
352+ * prefix is stable: <code>[0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20]</code>
356353 *
357354 * @see <a href="https://datatracker.ietf.org/doc/html/rfc5915#section-3">RFC 5915 Section 3</a>
358- *
359355 * @param bytes The raw bytes of the key.
360356 * @return true if the prefix matches.
361357 */
362358 private static boolean hasStandardSec1P256Prefix (byte [] bytes ) {
363359 if (bytes .length < 7 ) return false ;
364- return bytes [0 ] == 0x30 && // Sequence
365- bytes [1 ] == 0x77 && // Length
366- bytes [2 ] == 0x02 && // Integer
367- bytes [3 ] == 0x01 && // Length
368- bytes [4 ] == 0x01 && // Version
369- bytes [5 ] == 0x04 && // Octet String
370- bytes [6 ] == 0x20 ; // Length 32
360+ return bytes [0 ] == 0x30
361+ && // Sequence
362+ bytes [1 ] == 0x77
363+ && // Length
364+ bytes [2 ] == 0x02
365+ && // Integer
366+ bytes [3 ] == 0x01
367+ && // Length
368+ bytes [4 ] == 0x01
369+ && // Version
370+ bytes [5 ] == 0x04
371+ && // Octet String
372+ bytes [6 ] == 0x20 ; // Length 32
371373 }
372374
373375 /**
@@ -387,12 +389,10 @@ private static BigInteger extractPrivateKeyValue(byte[] bytes) {
387389 /**
388390 * Creates an EC PrivateKey from the private key value 's' using P-256 parameters.
389391 *
390- * <p>Algorithm steps:
391- * 1. Get an instance of AlgorithmParameters for "EC".
392- * 2. Initialize it with secp256r1 curve spec (requirement as per GDCH supported curve).
393- * 3. Extract ECParameterSpec from parameters.
394- * 4. Create ECPrivateKeySpec with the extracted private key value and parameters.
395- * 5. Generate PrivateKey using KeyFactory.
392+ * <p>Algorithm steps: 1. Get an instance of AlgorithmParameters for "EC". 2. Initialize it with
393+ * secp256r1 curve spec (requirement as per GDCH supported curve). 3. Extract ECParameterSpec from
394+ * parameters. 4. Create ECPrivateKeySpec with the extracted private key value and parameters. 5.
395+ * Generate PrivateKey using KeyFactory.
396396 *
397397 * @param s The private key value.
398398 * @return The PrivateKey object.
@@ -401,23 +401,22 @@ private static BigInteger extractPrivateKeyValue(byte[] bytes) {
401401 private static PrivateKey createEcPrivateKey (BigInteger s ) throws IOException {
402402 try {
403403 AlgorithmParameters params = AlgorithmParameters .getInstance ("EC" );
404-
404+
405405 params .init (new ECGenParameterSpec ("secp256r1" ));
406-
406+
407407 ECParameterSpec ecParams = params .getParameterSpec (ECParameterSpec .class );
408408
409409 ECPrivateKeySpec keySpec = new ECPrivateKeySpec (s , ecParams );
410-
410+
411411 KeyFactory keyFactory = KeyFactory .getInstance ("EC" );
412-
412+
413413 return keyFactory .generatePrivate (keySpec );
414414 } catch (GeneralSecurityException e ) {
415415 throw new GoogleAuthException (false , 0 , "Failed to create EC Private Key" , e );
416416 }
417417 }
418418
419419 /**
420-
421420 * Generates a Basic Authentication header string for the provided username and password.
422421 *
423422 * <p>This method constructs a Basic Authentication string using the provided username and
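Review bot: In hasStandardSec1P256Prefix the only length guard is `bytes.length < 7`, so an input that carries the seven-byte prefix but is truncated before the 32-byte key value still passes the fingerprint that the privateKeyFromSec1 Javadoc describes as making fixed-offset extraction safe. extractPrivateKeyValue lies outside the visible hunks, so whether it bounds-checks on its own cannot be confirmed here; if it does not, a truncated key would surface as an unchecked array exception instead of the exception the Javadoc documents. Tightening the guard to `if (bytes.length < 7 + 32) return false;`, or comparing `bytes.length` with the declared total of `2 + 0x77`, would keep malformed key material on the documented error path. Separately, the reformat moved the trailing byte comments onto the `&&` lines, so `// Length` now sits directly above `bytes[2] == 0x02` and reads as if it annotated the wrong byte; putting each comment on its own line before its operand survives the formatter and keeps the DER annotation auditable.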