
Example 1 with RawJwt

use of com.google.crypto.tink.jwt.RawJwt in project tink by google.

the class JwtSign method main.

/**
 * Command-line entry point: signs a short-lived JWT for one audience and writes it to a file.
 *
 * <p>Expects exactly three arguments: the private keyset file, the audience, and the output
 * token file. A wrong argument count, an unreadable keyset, or a failure to obtain the signing
 * primitive is reported on stderr and ends the process with status 1.
 *
 * <p>Security notes: the private keyset is loaded through {@code CleartextKeysetHandle}, so the
 * signing key is stored unencrypted in the file named by the first argument and that file needs
 * strict access control. The output file is created with the process's default permissions;
 * anyone who can read it can present the token until it expires.
 *
 * @param args private-keyset-file, audience, token-file
 * @throws Exception if building or signing the token, or writing the token file, fails
 */
public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.err.printf("Expected 3 parameters, got %d\n", args.length);
        System.err.println("Usage: java JwtSign private-keyset-file audience token-file");
        System.exit(1);
    }
    File keysetPath = new File(args[0]);
    String tokenAudience = args[1];
    File outputPath = new File(args[2]);

    // Make every JWT signature key type known to the Tink runtime before touching the keyset.
    JwtSignatureConfig.register();

    // Load the private keyset. It is parsed as cleartext JSON, not as an encrypted keyset.
    // The null initialiser only satisfies definite assignment: the catch branch exits.
    KeysetHandle signingKeyset = null;
    try {
        signingKeyset = CleartextKeysetHandle.read(JsonKeysetReader.withFile(keysetPath));
    } catch (GeneralSecurityException | IOException ex) {
        System.err.println("Cannot read keyset, got error: " + ex);
        System.exit(1);
    }

    // Obtain the signing primitive backed by that keyset.
    JwtPublicKeySign jwtSigner = null;
    try {
        jwtSigner = signingKeyset.getPrimitive(JwtPublicKeySign.class);
    } catch (GeneralSecurityException ex) {
        System.err.println("Cannot create primitive, got error: " + ex);
        System.exit(1);
    }

    // Describe the token: a single audience and a lifetime of 100 seconds from now.
    RawJwt.Builder claims = RawJwt.newBuilder();
    claims.addAudience(tokenAudience);
    claims.setExpiration(Instant.now().plusSeconds(100));
    RawJwt unsignedToken = claims.build();

    // Sign it and persist the compact serialization as UTF-8 bytes.
    String compactToken = jwtSigner.signAndEncode(unsignedToken);
    try (FileOutputStream out = new FileOutputStream(outputPath)) {
        out.write(compactToken.getBytes(UTF_8));
    }
    System.exit(0);
}
Also used : CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) KeysetHandle(com.google.crypto.tink.KeysetHandle) RawJwt(com.google.crypto.tink.jwt.RawJwt) GeneralSecurityException(java.security.GeneralSecurityException) FileOutputStream(java.io.FileOutputStream) JwtPublicKeySign(com.google.crypto.tink.jwt.JwtPublicKeySign) IOException(java.io.IOException) File(java.io.File)

Example 2 with RawJwt

use of com.google.crypto.tink.jwt.RawJwt in project tink by google.

the class JwtServiceImpl method convertJwtTokenToRawJwt.

/**
 * Translates a {@code JwtToken} request message into a Tink {@code RawJwt}.
 *
 * <p>Every field present on the message is copied onto the builder: type header, issuer,
 * subject, audiences, JWT ID, the three timestamps, and all custom claims. Values are passed
 * through as received; this method applies no validation of its own.
 *
 * @param token the message describing the token to build
 * @return the unsigned token assembled from {@code token}
 * @throws JwtInvalidException declared by this method; presumably raised by the builder calls
 *     when a value is not acceptable (confirm against the Tink API)
 * @throws RuntimeException if a custom claim has a kind this method does not recognise
 */
private RawJwt convertJwtTokenToRawJwt(JwtToken token) throws JwtInvalidException {
    RawJwt.Builder builder = RawJwt.newBuilder();

    // Optional header and string claims are copied only when the message carries them.
    if (token.hasTypeHeader()) {
        builder.setTypeHeader(token.getTypeHeader().getValue());
    }
    if (token.hasIssuer()) {
        builder.setIssuer(token.getIssuer().getValue());
    }
    if (token.hasSubject()) {
        builder.setSubject(token.getSubject().getValue());
    }
    for (String aud : token.getAudiencesList()) {
        builder.addAudience(aud);
    }
    if (token.hasJwtId()) {
        builder.setJwtId(token.getJwtId().getValue());
    }

    // A message without an expiration yields a token explicitly marked as non-expiring.
    // Such a token never times out on its own, so outside a test harness callers would
    // normally be expected to supply an expiration.
    if (!token.hasExpiration()) {
        builder.withoutExpiration();
    } else {
        builder.setExpiration(timestampToInstant(token.getExpiration()));
    }
    if (token.hasNotBefore()) {
        builder.setNotBefore(timestampToInstant(token.getNotBefore()));
    }
    if (token.hasIssuedAt()) {
        builder.setIssuedAt(timestampToInstant(token.getIssuedAt()));
    }

    // Custom claims: dispatch on the field number of whichever value kind is set.
    for (Map.Entry<String, JwtClaimValue> claim : token.getCustomClaimsMap().entrySet()) {
        String claimName = claim.getKey();
        JwtClaimValue claimValue = claim.getValue();
        int kindNumber = claimValue.getKindCase().getNumber();
        if (kindNumber == JwtClaimValue.NULL_VALUE_FIELD_NUMBER) {
            builder.addNullClaim(claimName);
        } else if (kindNumber == JwtClaimValue.BOOL_VALUE_FIELD_NUMBER) {
            builder.addBooleanClaim(claimName, claimValue.getBoolValue());
        } else if (kindNumber == JwtClaimValue.NUMBER_VALUE_FIELD_NUMBER) {
            builder.addNumberClaim(claimName, claimValue.getNumberValue());
        } else if (kindNumber == JwtClaimValue.STRING_VALUE_FIELD_NUMBER) {
            builder.addStringClaim(claimName, claimValue.getStringValue());
        } else if (kindNumber == JwtClaimValue.JSON_ARRAY_VALUE_FIELD_NUMBER) {
            builder.addJsonArrayClaim(claimName, claimValue.getJsonArrayValue());
        } else if (kindNumber == JwtClaimValue.JSON_OBJECT_VALUE_FIELD_NUMBER) {
            builder.addJsonObjectClaim(claimName, claimValue.getJsonObjectValue());
        } else {
            // Unchecked on purpose in the original: an unset or unknown kind is not reported
            // as a JwtInvalidException, so callers' checked-exception handlers do not see it.
            throw new RuntimeException("Unknown JwtClaimValue kind: " + claimValue.getKindCase());
        }
    }
    return builder.build();
}
Also used : RawJwt(com.google.crypto.tink.jwt.RawJwt) JwtClaimValue(com.google.crypto.tink.proto.testing.JwtClaimValue) ByteString(com.google.protobuf.ByteString) Map(java.util.Map)

Example 3 with RawJwt

use of com.google.crypto.tink.jwt.RawJwt in project tink by google.

the class JwtServiceImpl method publicKeySignAndEncode.

/**
 * Signs the token described by the request with a public-key signature and replies with the
 * compact JWT.
 *
 * <p>The request carries the private keyset as cleartext binary bytes, and failures are echoed
 * back to the caller via {@code e.toString()}. Both are acceptable only for a test harness
 * (the messages appear to come from Tink's {@code proto.testing} package); a production service
 * should neither accept raw key material per request nor return exception text to clients.
 *
 * <p>Security and protobuf-parsing failures are reported in the response's error field; any
 * other {@code IOException} is surfaced as a gRPC {@code UNKNOWN} status. Unchecked exceptions
 * from the conversion step are not caught here.
 *
 * @param request the keyset and the token to sign
 * @param responseObserver receives either the signed token, an error message, or a gRPC error
 */
@Override
public void publicKeySignAndEncode(JwtSignRequest request, StreamObserver<JwtSignResponse> responseObserver) {
    JwtSignResponse reply;
    try {
        // Parse the keyset first, then build the token, then fetch the primitive and sign.
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));
        RawJwt unsignedToken = convertJwtTokenToRawJwt(request.getRawJwt());
        JwtPublicKeySign jwtSigner = handle.getPrimitive(JwtPublicKeySign.class);
        String compact = jwtSigner.signAndEncode(unsignedToken);
        JwtSignResponse.Builder ok = JwtSignResponse.newBuilder();
        ok.setSignedCompactJwt(compact);
        reply = ok.build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        // Expected failure modes travel in-band so the caller can inspect them.
        JwtSignResponse.Builder failed = JwtSignResponse.newBuilder();
        failed.setErr(e.toString());
        reply = failed.build();
    } catch (IOException e) {
        // Remaining I/O failures end the call with a gRPC error instead of a response.
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) RawJwt(com.google.crypto.tink.jwt.RawJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) JwtPublicKeySign(com.google.crypto.tink.jwt.JwtPublicKeySign) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) ByteString(com.google.protobuf.ByteString) IOException(java.io.IOException)

Example 4 with RawJwt

use of com.google.crypto.tink.jwt.RawJwt in project tink by google.

the class JwtServiceImpl method computeMacAndEncode.

/**
 * Authenticates the token described by the request with a MAC and replies with the compact JWT.
 *
 * <p>Unlike the public-key variant, the keyset here backs a {@code JwtMac} primitive, so the
 * same symmetric key both creates and verifies the token. The request carries that keyset as
 * cleartext binary bytes and failures are echoed back via {@code e.toString()}; both are
 * acceptable only for a test harness (the messages appear to come from Tink's
 * {@code proto.testing} package).
 *
 * <p>Security and protobuf-parsing failures are reported in the response's error field; any
 * other {@code IOException} is surfaced as a gRPC {@code UNKNOWN} status. Unchecked exceptions
 * from the conversion step are not caught here.
 *
 * @param request the keyset and the token to authenticate
 * @param responseObserver receives either the encoded token, an error message, or a gRPC error
 */
@Override
public void computeMacAndEncode(JwtSignRequest request, StreamObserver<JwtSignResponse> responseObserver) {
    JwtSignResponse reply;
    try {
        // Parse the keyset first, then build the token, then fetch the primitive and MAC it.
        byte[] serializedKeyset = request.getKeyset().toByteArray();
        KeysetHandle handle = CleartextKeysetHandle.read(BinaryKeysetReader.withBytes(serializedKeyset));
        RawJwt unsignedToken = convertJwtTokenToRawJwt(request.getRawJwt());
        JwtMac macPrimitive = handle.getPrimitive(JwtMac.class);
        String compact = macPrimitive.computeMacAndEncode(unsignedToken);
        JwtSignResponse.Builder ok = JwtSignResponse.newBuilder();
        ok.setSignedCompactJwt(compact);
        reply = ok.build();
    } catch (GeneralSecurityException | InvalidProtocolBufferException e) {
        // Expected failure modes travel in-band so the caller can inspect them.
        JwtSignResponse.Builder failed = JwtSignResponse.newBuilder();
        failed.setErr(e.toString());
        reply = failed.build();
    } catch (IOException e) {
        // Remaining I/O failures end the call with a gRPC error instead of a response.
        responseObserver.onError(Status.UNKNOWN.withDescription(e.getMessage()).asException());
        return;
    }
    responseObserver.onNext(reply);
    responseObserver.onCompleted();
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) JwtMac(com.google.crypto.tink.jwt.JwtMac) RawJwt(com.google.crypto.tink.jwt.RawJwt) GeneralSecurityException(java.security.GeneralSecurityException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) JwtSignResponse(com.google.crypto.tink.proto.testing.JwtSignResponse) ByteString(com.google.protobuf.ByteString) IOException(java.io.IOException)

Aggregations

RawJwt (com.google.crypto.tink.jwt.RawJwt)4 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3 KeysetHandle (com.google.crypto.tink.KeysetHandle)3 ByteString (com.google.protobuf.ByteString)3 IOException (java.io.IOException)3 GeneralSecurityException (java.security.GeneralSecurityException)3 JwtPublicKeySign (com.google.crypto.tink.jwt.JwtPublicKeySign)2 JwtSignResponse (com.google.crypto.tink.proto.testing.JwtSignResponse)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)2 JwtMac (com.google.crypto.tink.jwt.JwtMac)1 JwtClaimValue (com.google.crypto.tink.proto.testing.JwtClaimValue)1 File (java.io.File)1 FileOutputStream (java.io.FileOutputStream)1 Map (java.util.Map)1