Search in sources :

Example 1 with JwtPublicKeyVerify

use of com.google.crypto.tink.jwt.JwtPublicKeyVerify in project tink by google.

the class JwtServiceImpl method publicKeyVerifyAndDecode.

/**
 * Decodes and verifies a signed, compact JWT.
 */
@Override
public void publicKeyVerifyAndDecode(JwtVerifyRequest request, StreamObserver<JwtVerifyResponse> responseObserver) {
    JwtVerifyResponse response;
    try {
        KeysetHandle keysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getKeyset().toByteArray()));
        JwtValidator validator = convertProtoValidatorToValidator(request.getValidator());
        JwtPublicKeyVerify verifier = keysetHandle.getPrimitive(JwtPublicKeyVerify.class);
        VerifiedJwt verifiedJwt = verifier.verifyAndDecode(request.getSignedCompactJwt(), validator);
        JwtToken token = convertVerifiedJwtToJwtToken(verifiedJwt);
        response = JwtVerifyResponse.newBuilder().setVerifiedJwt(token).build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        response = JwtVerifyResponse.newBuilder().setErr(e.toString()).build();
    } catch (IOException e) {
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(response);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtToken(com.google.crypto.tink.proto.testing.JwtToken) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) JwtPublicKeyVerify(com.google.crypto.tink.jwt.JwtPublicKeyVerify) IOException(java.io.IOException) JwtVerifyResponse(com.google.crypto.tink.proto.testing.JwtVerifyResponse)

Example 2 with JwtPublicKeyVerify

use of com.google.crypto.tink.jwt.JwtPublicKeyVerify in project tink by google.

the class JwtVerify method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.printf("Expected 3 parameters, got %d\n", args.length);
        System.err.println("Usage: java JwtVerify public-jwk-set-file audience token-file");
        System.exit(1);
    }
    File publicJwkSetFile = new File(args[0]);
    String audience = args[1];
    File tokenFile = new File(args[2]);
    // Register all JWT signature key types with the Tink runtime.
    JwtSignatureConfig.register();
    // Read the public keyset in JWK set format into a KeysetHandle.
    KeysetHandle publicKeysetHandle = null;
    try {
        String publicJwkSet = new String(Files.readAllBytes(publicJwkSetFile.toPath()), UTF_8);
        publicKeysetHandle = JwkSetConverter.toKeysetHandle(publicJwkSet, KeyAccess.publicAccess());
    } catch (GeneralSecurityException | IOException ex) {
        System.err.println("Cannot read keyset, got error: " + ex);
        System.exit(1);
    }
    List<String> lines = Files.readAllLines(tokenFile.toPath());
    if (lines.size() != 1) {
        System.err.printf("The signature file should contain only one line,  got %d", lines.size());
        System.exit(1);
    }
    String signedToken = lines.get(0).trim();
    // Get the primitive.
    JwtPublicKeyVerify verifier = null;
    try {
        verifier = publicKeysetHandle.getPrimitive(JwtPublicKeyVerify.class);
    } catch (GeneralSecurityException ex) {
        System.err.println("Cannot create primitive, got error: " + ex);
        System.exit(1);
    }
    // Use the primitive to verify a token.
    try {
        JwtValidator validator = JwtValidator.newBuilder().expectAudience(audience).build();
        VerifiedJwt verifiedJwt = verifier.verifyAndDecode(signedToken, validator);
        long seconds = ChronoUnit.SECONDS.between(Instant.now(), verifiedJwt.getExpiration());
        System.out.println("Token is valid and expires in " + seconds + " seconds.");
    } catch (GeneralSecurityException ex) {
        System.err.println("JWT verification failed.");
        System.exit(1);
    }
    System.exit(0);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) GeneralSecurityException(java.security.GeneralSecurityException) JwtValidator(com.google.crypto.tink.jwt.JwtValidator) VerifiedJwt(com.google.crypto.tink.jwt.VerifiedJwt) JwtPublicKeyVerify(com.google.crypto.tink.jwt.JwtPublicKeyVerify) IOException(java.io.IOException) File(java.io.File)

Aggregations

KeysetHandle (com.google.crypto.tink.KeysetHandle)2 JwtPublicKeyVerify (com.google.crypto.tink.jwt.JwtPublicKeyVerify)2 JwtValidator (com.google.crypto.tink.jwt.JwtValidator)2 VerifiedJwt (com.google.crypto.tink.jwt.VerifiedJwt)2 IOException (java.io.IOException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)1 JwtToken (com.google.crypto.tink.proto.testing.JwtToken)1 JwtVerifyResponse (com.google.crypto.tink.proto.testing.JwtVerifyResponse)1 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1 File (java.io.File)1