feat(encryption): allow custom loading of JWK sets (#214)

* allow custom loading of JWK sets
hyperwallet · Jul 4, 2024 · bdda6cb · bdda6cb
1 parent ec3ccab
commit bdda6cb
Showing 1 changed file with 19 additions and 5 deletions.
diff --git a/src/main/java/com/hyperwallet/clientsdk/util/HyperwalletEncryption.java b/src/main/java/com/hyperwallet/clientsdk/util/HyperwalletEncryption.java
@@ -106,8 +106,8 @@ public HyperwalletEncryption(JWEAlgorithm encryptionAlgorithm, JWSAlgorithm sign
 
     public String encrypt(String body) throws JOSEException, IOException, ParseException {
 
-        JWK clientPrivateKey = getKeyByAlgorithm(loadKeySet(clientPrivateKeySetLocation), signAlgorithm);
-        JWK hyperwalletPublicKey = getKeyByAlgorithm(loadKeySet(hyperwalletKeySetLocation), encryptionAlgorithm);
+        JWK clientPrivateKey = getKeyByAlgorithm(loadClientPrivateKeySet(), signAlgorithm);
+        JWK hyperwalletPublicKey = getKeyByAlgorithm(loadHyperwalletKeySet(), encryptionAlgorithm);
         JWSSigner jwsSigner = getJWSSigner(clientPrivateKey);
         JWEEncrypter jweEncrypter = getJWEEncrypter(hyperwalletPublicKey);
 
@@ -132,8 +132,8 @@ public String encrypt(String body) throws JOSEException, IOException, ParseExcep
 
     public String decrypt(String body) throws ParseException, IOException, JOSEException {
 
-        JWK privateKeyToDecrypt = getKeyByAlgorithm(loadKeySet(clientPrivateKeySetLocation), encryptionAlgorithm);
-        JWK publicKeyToSign = getKeyByAlgorithm(loadKeySet(hyperwalletKeySetLocation), signAlgorithm);
+        JWK privateKeyToDecrypt = getKeyByAlgorithm(loadClientPrivateKeySet(), encryptionAlgorithm);
+        JWK publicKeyToSign = getKeyByAlgorithm(loadHyperwalletKeySet(), signAlgorithm);
         JWEDecrypter jweDecrypter = getJWEDecrypter(privateKeyToDecrypt);
         JWSVerifier jwsVerifier = getJWSVerifier(publicKeyToSign);
 
@@ -148,6 +148,20 @@ public String decrypt(String body) throws ParseException, IOException, JOSEExcep
         return jwsObject.getPayload().toString();
     }
 
+    /**
+     * Allows clients to implement a custom loading of their private JWK set.
+     */
+    protected JWKSet loadClientPrivateKeySet() throws IOException, ParseException {
+        return loadKeySet(clientPrivateKeySetLocation);
+    }
+
+    /**
+     * Allows clients to implement a custom loading of Hyperwallet public JWK set.
+     */
+    protected JWKSet loadHyperwalletKeySet() throws IOException, ParseException {
+        return loadKeySet(hyperwalletKeySetLocation);
+    }
+
     public void verifySignatureExpirationDate(Object signatureExpirationDate) {
         if (signatureExpirationDate == null) {
             throw new HyperwalletException("exp JWS header param was null");
@@ -389,4 +403,4 @@ public HyperwalletEncryption build() {
             return hyperwalletEncryption;
         }
     }
-}
+}