Example 96 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method testRawHs256Template.

@Test
public void testRawHs256Template() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256_RAW");
    assertThat(template.getTypeUrl()).isEqualTo(manager.getKeyType());
    assertThat(template.getOutputPrefixType()).isEqualTo(KeyTemplate.OutputPrefixType.RAW);
    JwtHmacKeyFormat format = JwtHmacKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(format.getKeySize()).isEqualTo(32);
    assertThat(format.getAlgorithm()).isEqualTo(JwtHmacAlgorithm.HS256);
}
Also used : JwtHmacKeyFormat(com.google.crypto.tink.proto.JwtHmacKeyFormat) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 97 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method verify_expired_shouldThrow.

@Test
public void verify_expired_shouldThrow() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac mac = handle.getPrimitive(JwtMac.class);
    Clock clock1 = Clock.systemUTC();
    // This token expires 1 minute from now.
    RawJwt token = RawJwt.newBuilder()
        .setExpiration(clock1.instant().plus(Duration.ofMinutes(1)))
        .build();
    String compact = mac.computeMacAndEncode(token);
    // Move the clock to 2 minutes in the future.
    Clock clock2 = Clock.offset(clock1, Duration.ofMinutes(2));
    JwtValidator validator = JwtValidator.newBuilder().setClock(clock2).build();
    assertThrows(JwtInvalidException.class, () -> mac.verifyMacAndDecode(compact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) ByteString(com.google.protobuf.ByteString) Clock(java.time.Clock) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 98 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method verify_noAudienceInJwt_shouldThrow.

@Test
public void verify_noAudienceInJwt_shouldThrow() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac mac = handle.getPrimitive(JwtMac.class);
    // The token carries no audience claim.
    RawJwt unverified = RawJwt.newBuilder().withoutExpiration().build();
    String compact = mac.computeMacAndEncode(unverified);
    // The validator requires audience "foo", so verification must fail.
    JwtValidator validator = JwtValidator.newBuilder()
        .allowMissingExpiration()
        .expectAudience("foo")
        .build();
    assertThrows(JwtInvalidException.class, () -> mac.verifyMacAndDecode(compact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) ByteString(com.google.protobuf.ByteString) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 99 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method createSignVerifyDifferentKey_throw.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void createSignVerifyDifferentKey_throw(String templateNames) throws Exception {
    KeyTemplate template = KeyTemplates.get(templateNames);
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac primitive = handle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    String compact = primitive.computeMacAndEncode(rawToken);
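    // A second keyset generated from the same template holds a different key,
    // so a token MACed with the first key must not verify under it.
    KeysetHandle otherHandle = KeysetHandle.generateNew(template);
    JwtMac otherPrimitive = otherHandle.getPrimitive(JwtMac.class);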
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    assertThrows(GeneralSecurityException.class, () -> otherPrimitive.verifyMacAndDecode(compact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) ByteString(com.google.protobuf.ByteString) KeyTemplate(com.google.crypto.tink.KeyTemplate) Theory(org.junit.experimental.theories.Theory)

Example 100 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

the class JwtHmacKeyManagerTest method computeVerify_canGetData.

@Test
public void computeVerify_canGetData() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    JwtMac mac = handle.getPrimitive(JwtMac.class);
    String issuer = "google";
    String audience = "mybank";
    String jwtId = "user123";
    double amount = 0.1;
    RawJwt unverified = RawJwt.newBuilder()
        .setTypeHeader("myType")
        .setIssuer(issuer)
        .addAudience(audience)
        .setJwtId(jwtId)
        .addNumberClaim("amount", amount)
        .withoutExpiration()
        .build();
    String compact = mac.computeMacAndEncode(unverified);
    JwtValidator validator = JwtValidator.newBuilder()
        .expectTypeHeader("myType")
        .expectIssuer(issuer)
        .expectAudience(audience)
        .allowMissingExpiration()
        .build();
    VerifiedJwt token = mac.verifyMacAndDecode(compact, validator);
    assertThat(token.getTypeHeader()).isEqualTo("myType");
    assertThat(token.getNumberClaim("amount")).isEqualTo(amount);
    assertThat(token.getIssuer()).isEqualTo(issuer);
    assertThat(token.getAudiences()).containsExactly(audience);
    assertThat(token.getJwtId()).isEqualTo(jwtId);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) ByteString(com.google.protobuf.ByteString) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)
