Example 1 with RawJwt
use of com.google.crypto.tink.jwt.RawJwt in project tink by google.
the class JwtSign method main.
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.err.printf("Expected 3 parameters, got %d\n", args.length);
System.err.println("Usage: java JwtSign private-keyset-file audience token-file");
System.exit(1);
}
File privateKeysetFile = new File(args[0]);
String audience = args[1];
File tokenFile = new File(args[2]);
// Register all JWT signature key types with the Tink runtime.
JwtSignatureConfig.register();
// Read the private keyset into a KeysetHandle.
KeysetHandle privateKeysetHandle = null;
try {
privateKeysetHandle = CleartextKeysetHandle.read(JsonKeysetReader.withFile(privateKeysetFile));
} catch (GeneralSecurityException | IOException ex) {
System.err.println("Cannot read keyset, got error: " + ex);
System.exit(1);
}
// Get the primitive.
JwtPublicKeySign signer = null;
try {
signer = privateKeysetHandle.getPrimitive(JwtPublicKeySign.class);
} catch (GeneralSecurityException ex) {
System.err.println("Cannot create primitive, got error: " + ex);
System.exit(1);
}
// Use the primitive to sign a token that expires in 100 seconds.
RawJwt rawJwt = RawJwt.newBuilder().addAudience(audience).setExpiration(Instant.now().plusSeconds(100)).build();
String signedToken = signer.signAndEncode(rawJwt);
try (FileOutputStream stream = new FileOutputStream(tokenFile)) {
stream.write(signedToken.getBytes(UTF_8));
}
System.exit(0);
}
Also used :
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
KeysetHandle(com.google.crypto.tink.KeysetHandle)
RawJwt(com.google.crypto.tink.jwt.RawJwt)
GeneralSecurityException(java.security.GeneralSecurityException)
FileOutputStream(java.io.FileOutputStream)
JwtPublicKeySign(com.google.crypto.tink.jwt.JwtPublicKeySign)
IOException(java.io.IOException)
File(java.io.File)
Example 2 with RawJwt
use of com.google.crypto.tink.jwt.RawJwt in project tink by google.
the class JwtServiceImpl method convertJwtTokenToRawJwt.
private RawJwt convertJwtTokenToRawJwt(JwtToken token) throws JwtInvalidException {
RawJwt.Builder rawJwtBuilder = RawJwt.newBuilder();
if (token.hasTypeHeader()) {
rawJwtBuilder.setTypeHeader(token.getTypeHeader().getValue());
}
if (token.hasIssuer()) {
rawJwtBuilder.setIssuer(token.getIssuer().getValue());
}
if (token.hasSubject()) {
rawJwtBuilder.setSubject(token.getSubject().getValue());
}
for (String audience : token.getAudiencesList()) {
rawJwtBuilder.addAudience(audience);
}
if (token.hasJwtId()) {
rawJwtBuilder.setJwtId(token.getJwtId().getValue());
}
if (token.hasExpiration()) {
rawJwtBuilder.setExpiration(timestampToInstant(token.getExpiration()));
} else {
rawJwtBuilder.withoutExpiration();
}
if (token.hasNotBefore()) {
rawJwtBuilder.setNotBefore(timestampToInstant(token.getNotBefore()));
}
if (token.hasIssuedAt()) {
rawJwtBuilder.setIssuedAt(timestampToInstant(token.getIssuedAt()));
}
for (Map.Entry<String, JwtClaimValue> entry : token.getCustomClaimsMap().entrySet()) {
String name = entry.getKey();
JwtClaimValue value = entry.getValue();
switch(value.getKindCase().getNumber()) {
case JwtClaimValue.NULL_VALUE_FIELD_NUMBER:
rawJwtBuilder.addNullClaim(name);
break;
case JwtClaimValue.BOOL_VALUE_FIELD_NUMBER:
rawJwtBuilder.addBooleanClaim(name, value.getBoolValue());
break;
case JwtClaimValue.NUMBER_VALUE_FIELD_NUMBER:
rawJwtBuilder.addNumberClaim(name, value.getNumberValue());
break;
case JwtClaimValue.STRING_VALUE_FIELD_NUMBER:
rawJwtBuilder.addStringClaim(name, value.getStringValue());
break;
case JwtClaimValue.JSON_ARRAY_VALUE_FIELD_NUMBER:
rawJwtBuilder.addJsonArrayClaim(name, value.getJsonArrayValue());
break;
case JwtClaimValue.JSON_OBJECT_VALUE_FIELD_NUMBER:
rawJwtBuilder.addJsonObjectClaim(name, value.getJsonObjectValue());
break;
default:
throw new RuntimeException("Unknown JwtClaimValue kind: " + value.getKindCase());
}
}
return rawJwtBuilder.build();
}
Also used :
RawJwt(com.google.crypto.tink.jwt.RawJwt)
JwtClaimValue(com.google.crypto.tink.proto.testing.JwtClaimValue)
ByteString(com.google.protobuf.ByteString)
Map(java.util.Map)
Example 3 with RawJwt
use of com.google.crypto.tink.jwt.RawJwt in project tink by google.
the class JwtServiceImpl method publicKeySignAndEncode.
/**
* Creates a signed compact JWT.
*/
@Override
public void publicKeySignAndEncode(JwtSignRequest request, StreamObserver<JwtSignResponse> responseObserver) {
JwtSignResponse response;
try {
KeysetHandle keysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getKeyset().toByteArray()));
RawJwt rawJwt = convertJwtTokenToRawJwt(request.getRawJwt());
JwtPublicKeySign signer = keysetHandle.getPrimitive(JwtPublicKeySign.class);
String signedCompactJwt = signer.signAndEncode(rawJwt);
response = JwtSignResponse.newBuilder().setSignedCompactJwt(signedCompactJwt).build();
} catch (GeneralSecurityException | InvalidProtocolBufferException e) {
response = JwtSignResponse.newBuilder().setErr(e.toString()).build();
} catch (IOException e) {
responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
return;
}
responseObserver.onNext(response);
responseObserver.onCompleted();
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
RawJwt(com.google.crypto.tink.jwt.RawJwt)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
JwtPublicKeySign(com.google.crypto.tink.jwt.JwtPublicKeySign)
JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse)
ByteString(com.google.protobuf.ByteString)
IOException(java.io.IOException)
Example 4 with RawJwt
use of com.google.crypto.tink.jwt.RawJwt in project tink by google.
the class JwtServiceImpl method computeMacAndEncode.
/**
* Creates a signed compact JWT.
*/
@Override
public void computeMacAndEncode(JwtSignRequest request, StreamObserver<JwtSignResponse> responseObserver) {
JwtSignResponse response;
try {
KeysetHandle keysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(request.getKeyset().toByteArray()));
RawJwt rawJwt = convertJwtTokenToRawJwt(request.getRawJwt());
JwtMac jwtMac = keysetHandle.getPrimitive(JwtMac.class);
String signedCompactJwt = jwtMac.computeMacAndEncode(rawJwt);
response = JwtSignResponse.newBuilder().setSignedCompactJwt(signedCompactJwt).build();
} catch (GeneralSecurityException | InvalidProtocolBufferException e) {
response = JwtSignResponse.newBuilder().setErr(e.toString()).build();
} catch (IOException e) {
responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
return;
}
responseObserver.onNext(response);
responseObserver.onCompleted();
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
JwtMac(com.google.crypto.tink.jwt.JwtMac)
RawJwt(com.google.crypto.tink.jwt.RawJwt)
GeneralSecurityException(java.security.GeneralSecurityException)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse)
ByteString(com.google.protobuf.ByteString)
IOException(java.io.IOException)
Aggregations
RawJwt (com.google.crypto.tink.jwt.RawJwt)4
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3
KeysetHandle (com.google.crypto.tink.KeysetHandle)3
ByteString (com.google.protobuf.ByteString)3
IOException (java.io.IOException)3
GeneralSecurityException (java.security.GeneralSecurityException)3
JwtPublicKeySign (com.google.crypto.tink.jwt.JwtPublicKeySign)2
JwtSignResponse (com.google.crypto.tink.proto.testing.JwtSignResponse)2
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2
JwtMac (com.google.crypto.tink.jwt.JwtMac)1
JwtClaimValue (com.google.crypto.tink.proto.testing.JwtClaimValue)1
File (java.io.File)1
FileOutputStream (java.io.FileOutputStream)1
Map (java.util.Map)1
