Examples with KeyTemplate com.google.crypto.tink.KeyTemplate used on opensource projects

Search in sources :

Example 91 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapLegacy_throws.

@Test
public void test_wrapLegacy_throws() throws Exception {
    KeyTemplate rawTemplate = KeyTemplates.get("JWT_HS256_RAW");
    // Convert the normal, raw template into a template with output prefix type LEGACY
    KeyTemplate tinkTemplate = KeyTemplate.create(rawTemplate.getTypeUrl(), rawTemplate.getValue(), KeyTemplate.OutputPrefixType.LEGACY);
    KeysetHandle handle = KeysetHandle.generateNew(tinkTemplate);
    assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtMac.class));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 92 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapSingleTinkKey_works.

@Test
public void test_wrapSingleTinkKey_works() throws Exception {
    KeyTemplate tinkTemplate = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(tinkTemplate);
    JwtMac jwtMac = handle.getPrimitive(JwtMac.class);
    RawJwt rawJwt = RawJwt.newBuilder().setJwtId("id123").withoutExpiration().build();
    String signedCompact = jwtMac.computeMacAndEncode(rawJwt);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    VerifiedJwt verifiedToken = jwtMac.verifyMacAndDecode(signedCompact, validator);
    assertThat(verifiedToken.getJwtId()).isEqualTo("id123");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 93 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapMultipleKeys.

@Test
public void test_wrapMultipleKeys() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
    true);
    KeysetHandle oldHandle = manager.getKeysetHandle();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
    true);
    KeysetHandle newHandle = manager.getKeysetHandle();
    JwtMac oldJwtMac = oldHandle.getPrimitive(JwtMac.class);
    JwtMac newJwtMac = newHandle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    String oldSignedCompact = oldJwtMac.computeMacAndEncode(rawToken);
    String newSignedCompact = newJwtMac.computeMacAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    assertThat(oldJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThrows(GeneralSecurityException.class, () -> oldJwtMac.verifyMacAndDecode(newSignedCompact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 94 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapSingleRawKey_works.

@Test
public void test_wrapSingleRawKey_works() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256_RAW");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac jwtMac = handle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("id123").withoutExpiration().build();
    String signedCompact = jwtMac.computeMacAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    VerifiedJwt verifiedToken = jwtMac.verifyMacAndDecode(signedCompact, validator);
    assertThat(verifiedToken.getJwtId()).isEqualTo("id123");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 95 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method validate_notBefore_clockSkew_success.

@Test
public void validate_notBefore_clockSkew_success() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac mac = handle.getPrimitive(JwtMac.class);
    Clock clock1 = Clock.systemUTC();
    // This token cannot be used until 1 minute in the future.
    Instant notBefore = clock1.instant().plus(Duration.ofMinutes(1));
    RawJwt unverified = RawJwt.newBuilder().setNotBefore(notBefore).withoutExpiration().build();
    String compact = mac.computeMacAndEncode(unverified);
    // A clock skew of 1 minute is allowed.
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().setClockSkew(Duration.ofMinutes(1)).build();
    VerifiedJwt token = mac.verifyMacAndDecode(compact, validator);
    assertThat(token.getNotBefore()).isEqualTo(unverified.getNotBefore());
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Instant(java.time.Instant) ByteString(com.google.protobuf.ByteString) Clock(java.time.Clock) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Aggregations

KeyTemplate (com.google.crypto.tink.KeyTemplate)143 Test (org.junit.Test)135 KeysetHandle (com.google.crypto.tink.KeysetHandle)56 ByteString (com.google.protobuf.ByteString)39 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)37 KeyData (com.google.crypto.tink.proto.KeyData)16 Keyset (com.google.crypto.tink.proto.Keyset)12 JsonObject (com.google.gson.JsonObject)8 KeysetManager (com.google.crypto.tink.KeysetManager)7 BigInteger (java.math.BigInteger)7 Instant (java.time.Instant)7 Aead (com.google.crypto.tink.Aead)6 Enums (com.google.crypto.tink.subtle.Enums)6 Clock (java.time.Clock)6 AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)5 AesCtrHmacStreamingKeyFormat (com.google.crypto.tink.proto.AesCtrHmacStreamingKeyFormat)4 AesGcmHkdfStreamingKeyFormat (com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat)4 AesGcmKeyFormat (com.google.crypto.tink.proto.AesGcmKeyFormat)4 AesGcmSivKeyFormat (com.google.crypto.tink.proto.AesGcmSivKeyFormat)4 EciesAeadHkdfKeyFormat (com.google.crypto.tink.proto.EciesAeadHkdfKeyFormat)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial