Example 91 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapLegacy_throws.

@Test
public void test_wrapLegacy_throws() throws Exception {
    KeyTemplate rawTemplate = KeyTemplates.get("JWT_HS256_RAW");
    // Convert the normal, raw template into a template with output prefix type LEGACY
    KeyTemplate tinkTemplate = KeyTemplate.create(rawTemplate.getTypeUrl(), rawTemplate.getValue(), KeyTemplate.OutputPrefixType.LEGACY);
    KeysetHandle handle = KeysetHandle.generateNew(tinkTemplate);
    assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtMac.class));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 92 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapSingleTinkKey_works.

@Test
public void test_wrapSingleTinkKey_works() throws Exception {
    KeyTemplate tinkTemplate = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(tinkTemplate);
    JwtMac jwtMac = handle.getPrimitive(JwtMac.class);
    RawJwt rawJwt = RawJwt.newBuilder().setJwtId("id123").withoutExpiration().build();
    String signedCompact = jwtMac.computeMacAndEncode(rawJwt);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    VerifiedJwt verifiedToken = jwtMac.verifyMacAndDecode(signedCompact, validator);
    assertThat(verifiedToken.getJwtId()).isEqualTo("id123");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 93 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapMultipleKeys.

@Test
public void test_wrapMultipleKeys() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    // First key: oldHandle is a snapshot of a keyset that contains only this key.
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/ true);
    KeysetHandle oldHandle = manager.getKeysetHandle();
    // Second key becomes primary: newHandle holds both keys, as after a key rotation.
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/ true);
    KeysetHandle newHandle = manager.getKeysetHandle();
    JwtMac oldJwtMac = oldHandle.getPrimitive(JwtMac.class);
    JwtMac newJwtMac = newHandle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    String oldSignedCompact = oldJwtMac.computeMacAndEncode(rawToken);
    String newSignedCompact = newJwtMac.computeMacAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    // A token made with the old key verifies under both keysets.
    assertThat(oldJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    // A token made with the new primary key is rejected by the old keyset, which lacks that key.
    assertThrows(GeneralSecurityException.class, () -> oldJwtMac.verifyMacAndDecode(newSignedCompact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 94 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtMacWrapperTest method test_wrapSingleRawKey_works.

@Test
public void test_wrapSingleRawKey_works() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256_RAW");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac jwtMac = handle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("id123").withoutExpiration().build();
    String signedCompact = jwtMac.computeMacAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    VerifiedJwt verifiedToken = jwtMac.verifyMacAndDecode(signedCompact, validator);
    assertThat(verifiedToken.getJwtId()).isEqualTo("id123");
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 95 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method validate_notBefore_clockSkew_success.

@Test
public void validate_notBefore_clockSkew_success() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac mac = handle.getPrimitive(JwtMac.class);
    Clock clock1 = Clock.systemUTC();
    // This token cannot be used until 1 minute in the future.
    Instant notBefore = clock1.instant().plus(Duration.ofMinutes(1));
    RawJwt unverified = RawJwt.newBuilder().setNotBefore(notBefore).withoutExpiration().build();
    String compact = mac.computeMacAndEncode(unverified);
    // A clock skew of 1 minute is allowed.
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().setClockSkew(Duration.ofMinutes(1)).build();
    VerifiedJwt token = mac.verifyMacAndDecode(compact, validator);
    assertThat(token.getNotBefore()).isEqualTo(unverified.getNotBefore());
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Instant(java.time.Instant) ByteString(com.google.protobuf.ByteString) Clock(java.time.Clock) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)
