use of com.google.crypto.tink.KeysetManager in project tink by google.
the class JwtMacWrapperTest method test_wrapNoPrimary_throws.
@Test
public void test_wrapNoPrimary_throws() throws Exception {
KeyTemplate template = KeyTemplates.get("JWT_HS256");
KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
KeysetHandle handle = manager.getKeysetHandle();
assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtMac.class));
}
use of com.google.crypto.tink.KeysetManager in project tink by google.
the class JwtMacWrapperTest method test_wrapMultipleKeys.
@Test
public void test_wrapMultipleKeys() throws Exception {
KeyTemplate template = KeyTemplates.get("JWT_HS256");
KeysetManager manager = KeysetManager.withEmptyKeyset();
manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
true);
KeysetHandle oldHandle = manager.getKeysetHandle();
manager.addNewKey(KeyTemplateProtoConverter.toProto(template), /*asPrimary=*/
true);
KeysetHandle newHandle = manager.getKeysetHandle();
JwtMac oldJwtMac = oldHandle.getPrimitive(JwtMac.class);
JwtMac newJwtMac = newHandle.getPrimitive(JwtMac.class);
RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
String oldSignedCompact = oldJwtMac.computeMacAndEncode(rawToken);
String newSignedCompact = newJwtMac.computeMacAndEncode(rawToken);
JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
assertThat(oldJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThat(newJwtMac.verifyMacAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThat(newJwtMac.verifyMacAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThrows(GeneralSecurityException.class, () -> oldJwtMac.verifyMacAndDecode(newSignedCompact, validator));
}
use of com.google.crypto.tink.KeysetManager in project tink by google.
the class JwtPublicKeySignVerifyWrappersTest method test_noPrimary_getVerifyPrimitive_success.
@Test
public void test_noPrimary_getVerifyPrimitive_success() throws Exception {
KeyTemplate template = KeyTemplates.get("JWT_ES256");
KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
KeysetHandle publicHandle = manager.getKeysetHandle().getPublicKeysetHandle();
publicHandle.getPrimitive(JwtPublicKeyVerify.class);
}
use of com.google.crypto.tink.KeysetManager in project tink by google.
the class JwtPublicKeySignVerifyWrappersTest method test_noPrimary_getSignPrimitive_fails.
@Test
public void test_noPrimary_getSignPrimitive_fails() throws Exception {
KeyTemplate template = KeyTemplates.get("JWT_ES256");
KeysetManager manager = KeysetManager.withEmptyKeyset().add(template);
KeysetHandle handle = manager.getKeysetHandle();
assertThrows(GeneralSecurityException.class, () -> handle.getPrimitive(JwtPublicKeySign.class));
}
use of com.google.crypto.tink.KeysetManager in project tink by google.
the class JwtPublicKeySignVerifyWrappersTest method test_wrapMultipleTinkKeys.
@Test
public void test_wrapMultipleTinkKeys() throws Exception {
KeyTemplate tinkTemplate = KeyTemplates.get("JWT_ES256");
KeysetManager manager = KeysetManager.withEmptyKeyset();
manager.addNewKey(KeyTemplateProtoConverter.toProto(tinkTemplate), /*asPrimary=*/
true);
KeysetHandle oldHandle = manager.getKeysetHandle();
manager.addNewKey(KeyTemplateProtoConverter.toProto(tinkTemplate), /*asPrimary=*/
true);
KeysetHandle newHandle = manager.getKeysetHandle();
JwtPublicKeySign oldSigner = oldHandle.getPrimitive(JwtPublicKeySign.class);
JwtPublicKeySign newSigner = newHandle.getPrimitive(JwtPublicKeySign.class);
JwtPublicKeyVerify oldVerifier = oldHandle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
JwtPublicKeyVerify newVerifier = newHandle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
String oldSignedCompact = oldSigner.signAndEncode(rawToken);
String newSignedCompact = newSigner.signAndEncode(rawToken);
JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
assertThat(oldVerifier.verifyAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThat(newVerifier.verifyAndDecode(oldSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThat(newVerifier.verifyAndDecode(newSignedCompact, validator).getJwtId()).isEqualTo("jwtId");
assertThrows(GeneralSecurityException.class, () -> oldVerifier.verifyAndDecode(newSignedCompact, validator));
}
Aggregations