
Example 36 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

In class JwtHmacKeyManagerTest, method verify_wrongAudience_shouldThrow.

@Test
public void verify_wrongAudience_shouldThrow() throws Exception {
    // A token issued for audience "foo" must be rejected by a validator that
    // expects audience "bar"; the mismatch surfaces as JwtInvalidException.
    KeyTemplate hs256Template = KeyTemplates.get("JWT_HS256");
    KeysetHandle keysetHandle = KeysetHandle.generateNew(hs256Template);
    JwtMac jwtMac = keysetHandle.getPrimitive(JwtMac.class);

    RawJwt fooAudienceJwt =
        RawJwt.newBuilder().addAudience("foo").withoutExpiration().build();
    String token = jwtMac.computeMacAndEncode(fooAudienceJwt);

    JwtValidator expectsBar =
        JwtValidator.newBuilder().allowMissingExpiration().expectAudience("bar").build();
    assertThrows(JwtInvalidException.class, () -> jwtMac.verifyMacAndDecode(token, expectsBar));
}

Example 37 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

In class JwtHmacKeyManagerTest, method testHs384Template.

@Test
public void testHs384Template() throws Exception {
    // The JWT_HS384 template must point at this key manager's type URL, use the
    // TINK output prefix, and describe a 48-byte key for the HS384 algorithm.
    KeyTemplate hs384Template = KeyTemplates.get("JWT_HS384");
    String expectedTypeUrl = new JwtHmacKeyManager().getKeyType();
    assertThat(hs384Template.getTypeUrl()).isEqualTo(expectedTypeUrl);
    assertThat(hs384Template.getOutputPrefixType()).isEqualTo(KeyTemplate.OutputPrefixType.TINK);

    JwtHmacKeyFormat keyFormat =
        JwtHmacKeyFormat.parseFrom(hs384Template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(keyFormat.getKeySize()).isEqualTo(48);
    assertThat(keyFormat.getAlgorithm()).isEqualTo(JwtHmacAlgorithm.HS384);
}

Example 38 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

In class JwtHmacKeyManagerTest, method verify_noAudienceInValidator_shouldThrow.

@Test
public void verify_noAudienceInValidator_shouldThrow() throws Exception {
    // The token carries an "aud" claim but the validator does not state which
    // audience it accepts; validation must fail rather than silently ignore "aud".
    KeyTemplate hs256Template = KeyTemplates.get("JWT_HS256");
    KeysetHandle keysetHandle = KeysetHandle.generateNew(hs256Template);
    JwtMac jwtMac = keysetHandle.getPrimitive(JwtMac.class);

    RawJwt fooAudienceJwt =
        RawJwt.newBuilder().addAudience("foo").withoutExpiration().build();
    String token = jwtMac.computeMacAndEncode(fooAudienceJwt);

    JwtValidator noAudienceValidator =
        JwtValidator.newBuilder().allowMissingExpiration().build();
    assertThrows(
        JwtInvalidException.class, () -> jwtMac.verifyMacAndDecode(token, noAudienceValidator));
}

Example 39 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

In class JwtHmacKeyManagerTest, method validate_notBefore_success.

@Test
public void validate_notBefore_success() throws Exception {
    // A token whose "nbf" lies in the future is accepted once the verifier's clock
    // has moved past that instant, and the decoded "nbf" matches what was issued.
    KeyTemplate hs256Template = KeyTemplates.get("JWT_HS256");
    KeysetHandle keysetHandle = KeysetHandle.generateNew(hs256Template);
    JwtMac jwtMac = keysetHandle.getPrimitive(JwtMac.class);

    Clock issuerClock = Clock.systemUTC();
    // The token only becomes usable one minute after issuance.
    Instant activation = issuerClock.instant().plus(Duration.ofMinutes(1));
    RawJwt rawJwt = RawJwt.newBuilder().setNotBefore(activation).withoutExpiration().build();
    String token = jwtMac.computeMacAndEncode(rawJwt);

    // Verify with a clock two minutes ahead of the issuer, i.e. after activation.
    Clock verifierClock = Clock.offset(issuerClock, Duration.ofMinutes(2));
    JwtValidator validator =
        JwtValidator.newBuilder().allowMissingExpiration().setClock(verifierClock).build();
    VerifiedJwt verified = jwtMac.verifyMacAndDecode(token, validator);
    assertThat(verified.getNotBefore()).isEqualTo(rawJwt.getNotBefore());
}

Example 40 with KeyTemplate

use of com.google.crypto.tink.KeyTemplate in project tink by google.

In class JwtHmacKeyManagerTest, method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    // Sign tokens with a raw HMAC built from the keyset's own key bytes, so the JOSE
    // header can be chosen freely, then check which headers the JwtMac primitive
    // accepts: "alg" must be present and equal to HS256, and "kid" must match the
    // key's id. Anything else is rejected with GeneralSecurityException.
    KeyTemplate hs256Template = KeyTemplates.get("JWT_HS256");
    KeysetHandle keysetHandle = KeysetHandle.generateNew(hs256Template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    Keyset.Key onlyKey = keyset.getKey(0);
    JwtHmacKey keyProto =
        JwtHmacKey.parseFrom(onlyKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    SecretKeySpec keySpec = new SecretKeySpec(keyProto.getKeyValue().toByteArray(), "HMAC");
    PrfHmacJce hmacPrf = new PrfHmacJce("HMACSHA256", keySpec);
    PrfMac rawMac = new PrfMac(hmacPrf, hmacPrf.getMaxOutputLength());
    JwtMac jwtMac = keysetHandle.getPrimitive(JwtMac.class);
    String kid = JwtFormat.getKid(onlyKey.getKeyId(), onlyKey.getOutputPrefixType()).get();

    JsonObject payload = jsonObjectOf("jti", "jwtId");
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();

    // Well-formed header: accepted.
    String normalToken =
        generateSignedCompact(rawMac, jsonObjectOf("alg", "HS256", "kid", kid), payload);
    jwtMac.verifyMacAndDecode(normalToken, validator);

    // "typ" present and matching what the validator expects: accepted.
    String tokenWithTyp =
        generateSignedCompact(
            rawMac, jsonObjectOf("alg", "HS256", "typ", "typeHeader", "kid", kid), payload);
    JwtValidator expectsTyp =
        JwtValidator.newBuilder().expectTypeHeader("typeHeader").allowMissingExpiration().build();
    jwtMac.verifyMacAndDecode(tokenWithTyp, expectsTyp);

    // No "alg" at all: rejected.
    String tokenWithoutAlg = generateSignedCompact(rawMac, jsonObjectOf("kid", kid), payload);
    assertThrows(
        GeneralSecurityException.class, () -> jwtMac.verifyMacAndDecode(tokenWithoutAlg, validator));

    // "alg" names a real algorithm, but not the one this key uses: rejected.
    String tokenWithBadAlg =
        generateSignedCompact(rawMac, jsonObjectOf("alg", "RS256", "kid", kid), payload);
    assertThrows(
        GeneralSecurityException.class, () -> jwtMac.verifyMacAndDecode(tokenWithBadAlg, validator));

    // "kid" that does not match this key: rejected.
    String tokenWithUnknownKid =
        generateSignedCompact(rawMac, jsonObjectOf("alg", "HS256", "kid", "unknown"), payload);
    assertThrows(
        GeneralSecurityException.class,
        () -> jwtMac.verifyMacAndDecode(tokenWithUnknownKid, validator));
}

/**
 * Builds a JsonObject from alternating name/value string pairs, preserving the order in
 * which the pairs are given.
 */
private static JsonObject jsonObjectOf(String... nameValuePairs) {
    JsonObject object = new JsonObject();
    for (int i = 0; i + 1 < nameValuePairs.length; i += 2) {
        object.addProperty(nameValuePairs[i], nameValuePairs[i + 1]);
    }
    return object;
}
