Search in sources :

Example 6 with KeysetManager

use of com.google.crypto.tink.KeysetManager in project tink by google.

the class JwtMacWrapperTest method test_wrapNoPrimary_throws.

@Test
public void test_wrapNoPrimary_throws() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
    KeysetHandle handle = manager.getKeysetHandle();
    assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtMac.class));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 7 with KeysetManager

use of com.google.crypto.tink.KeysetManager in project tink by google.

the class JwtMacWrapperTest method test_wrapMultipleKeys.

@Test
public void test_wrapMultipleKeys() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
    true);
    KeysetHandle oldHandle = manager.getKeysetHandle();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
    true);
    KeysetHandle newHandle = manager.getKeysetHandle();
    JwtMac oldJwtMac = oldHandle.getPrimitive(JwtMac.class);
    JwtMac newJwtMac = newHandle.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    String oldSignedCompact = oldJwtMac.computeMacAndEncode(rawToken);
    String newSignedCompact = newJwtMac.computeMacAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    assertThat(oldJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newJwtMac.verifyMacAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThrows(GeneralSecurityException.class, () -> oldJwtMac.verifyMacAndDecode(newSignedCompact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 8 with KeysetManager

use of com.google.crypto.tink.KeysetManager in project tink by google.

the class JwtPublicKeySignVerifyWrappersTest method test_noPrimary_getVerifyPrimitive_success.

@Test
public void test_noPrimary_getVerifyPrimitive_success() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_ES256");
    KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
    KeysetHandle publicHandle = manager.getKeysetHandle().getPublicKeysetHandle();
    publicHandle.getPrimitive(JwtPublicKeyVerify.class);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 9 with KeysetManager

use of com.google.crypto.tink.KeysetManager in project tink by google.

the class JwtPublicKeySignVerifyWrappersTest method test_noPrimary_getSignPrimitive_fails.

@Test
public void test_noPrimary_getSignPrimitive_fails() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_ES256");
    KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
    KeysetHandle handle = manager.getKeysetHandle();
    assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeySign.class));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 10 with KeysetManager

use of com.google.crypto.tink.KeysetManager in project tink by google.

the class JwtPublicKeySignVerifyWrappersTest method test_wrapMultipleTinkKeys.

@Test
public void test_wrapMultipleTinkKeys() throws Exception {
    KeyTemplate tinkTemplate = KeyTemplates.get("JWT_ES256");
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(tinkTemplate), /*asPrimary=*/
    true);
    KeysetHandle oldHandle = manager.getKeysetHandle();
    manager.addNewKey(KeyTemplateProtoConverter.toProto(tinkTemplate), /*asPrimary=*/
    true);
    KeysetHandle newHandle = manager.getKeysetHandle();
    JwtPublicKeySign oldSigner = oldHandle.getPrimitive(JwtPublicKeySign.class);
    JwtPublicKeySign newSigner = newHandle.getPrimitive(JwtPublicKeySign.class);
    JwtPublicKeyVerify oldVerifier = oldHandle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    JwtPublicKeyVerify newVerifier = newHandle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    String oldSignedCompact = oldSigner.signAndEncode(rawToken);
    String newSignedCompact = newSigner.signAndEncode(rawToken);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    assertThat(oldVerifier.verifyAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newVerifier.verifyAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThat(newVerifier.verifyAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
    assertThrows(GeneralSecurityException.class, () -> oldVerifier.verifyAndDecode(newSignedCompact, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) KeysetManager(com.google.crypto.tink.KeysetManager) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Aggregations

KeysetManager (com.google.crypto.tink.KeysetManager)11 KeyTemplate (com.google.crypto.tink.KeyTemplate)7 KeysetHandle (com.google.crypto.tink.KeysetHandle)7 Test (org.junit.Test)7 GeneralSecurityException (java.security.GeneralSecurityException)3 IOException (java.io.IOException)2 KeyData (com.google.crypto.tink.proto.KeyData)1 KeysetInfo (com.google.crypto.tink.proto.KeysetInfo)1 ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)1 JsonArray (com.google.gson.JsonArray)1 JsonElement (com.google.gson.JsonElement)1 JsonObject (com.google.gson.JsonObject)1 JsonParseException (com.google.gson.JsonParseException)1 JsonReader (com.google.gson.stream.JsonReader)1 ByteString (com.google.protobuf.ByteString)1 StringReader (java.io.StringReader)1