
Example 1 with JwtEcdsaPrivateKey

use of com.google.crypto.tink.proto.JwtEcdsaPrivateKey in project tink by google.

the class JwtEcdsaSignKeyManagerTest method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    // Skip under Tsan, where KeysetHandle.generateNew is too slow.
    assumeFalse(TestUtil.isTsan());

    // Generate a JWT_ES256 keyset and read its first key in the clear, so the test can sign
    // with a raw ECDSA signer and hand-craft the JWT header of every token below.
    KeysetHandle handle = KeysetHandle.generateNew(KeyTemplates.get("JWT_ES256"));
    Keyset.Key firstKey = CleartextKeysetHandle.getKeyset(handle).getKey(0);
    JwtEcdsaPrivateKey keyProto =
        JwtEcdsaPrivateKey.parseFrom(
            firstKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtEcdsaAlgorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    ECPrivateKey privateKey =
        EllipticCurves.getEcPrivateKey(
            JwtEcdsaVerifyKeyManager.getCurve(algorithm), keyProto.getKeyValue().toByteArray());
    Enums.HashType hash = JwtEcdsaVerifyKeyManager.hashForEcdsaAlgorithm(algorithm);
    EcdsaSignJce rawSigner = new EcdsaSignJce(privateKey, hash, EcdsaEncoding.IEEE_P1363);

    // The verifier under test is built from the public half of the same keyset.
    JwtPublicKeyVerify verifier =
        handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    // The payload carries no expiration claim, so the validator must tolerate its absence.
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();

    String kid = JwtFormat.getKid(firstKey.getKeyId(), firstKey.getOutputPrefixType()).get();
    JsonObject claims = new JsonObject();
    claims.addProperty("jti", "jwtId");

    // Every token below is signed with the keyset's own private key, so each rejection is
    // caused by the header alone and not by a bad signature.

    // Baseline: matching "alg" and "kid" -> accepted (verifyAndDecode must not throw).
    JsonObject goodHeader = new JsonObject();
    goodHeader.addProperty("alg", "ES256");
    goodHeader.addProperty("kid", kid);
    String goodToken = generateSignedCompact(rawSigner, goodHeader, claims);
    verifier.verifyAndDecode(goodToken, validator);

    // No "kid" header -> rejected even though the signature itself is valid.
    JsonObject noKidHeader = new JsonObject();
    noKidHeader.addProperty("alg", "ES256");
    String noKidToken = generateSignedCompact(rawSigner, noKidHeader, claims);
    assertThrows(
        GeneralSecurityException.class, () -> verifier.verifyAndDecode(noKidToken, validator));

    // No "alg" header -> rejected.
    JsonObject noAlgHeader = new JsonObject();
    noAlgHeader.addProperty("kid", kid);
    String noAlgToken = generateSignedCompact(rawSigner, noAlgHeader, claims);
    assertThrows(
        GeneralSecurityException.class, () -> verifier.verifyAndDecode(noAlgToken, validator));

    // "alg" names a different algorithm (RS256) than the key's -> rejected. The verifier must
    // not let the token header choose the algorithm.
    JsonObject wrongAlgHeader = new JsonObject();
    wrongAlgHeader.addProperty("kid", kid);
    wrongAlgHeader.addProperty("alg", "RS256");
    String wrongAlgToken = generateSignedCompact(rawSigner, wrongAlgHeader, claims);
    assertThrows(
        GeneralSecurityException.class, () -> verifier.verifyAndDecode(wrongAlgToken, validator));

    // "kid" that matches no key in the keyset -> rejected.
    JsonObject strangeKidHeader = new JsonObject();
    strangeKidHeader.addProperty("alg", "ES256");
    strangeKidHeader.addProperty("kid", "unknown");
    String strangeKidToken = generateSignedCompact(rawSigner, strangeKidHeader, claims);
    assertThrows(
        GeneralSecurityException.class, () -> verifier.verifyAndDecode(strangeKidToken, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) ECPrivateKey(java.security.interfaces.ECPrivateKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) Enums(com.google.crypto.tink.subtle.Enums) EcdsaSignJce(com.google.crypto.tink.subtle.EcdsaSignJce) JwtEcdsaAlgorithm(com.google.crypto.tink.proto.JwtEcdsaAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 2 with JwtEcdsaPrivateKey

use of com.google.crypto.tink.proto.JwtEcdsaPrivateKey in project tink by google.

the class JwtEcdsaSignKeyManagerTest method withCustomKid.

/* Create a new keyset handle with the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    // Test-only helper: CleartextKeysetHandle reads and rebuilds the keyset with its key
    // material unencrypted.
    Keyset original = CleartextKeysetHandle.getKeyset(keysetHandle);
    Keyset.Key firstKey = original.getKey(0);

    // Decode the private-key proto stored in the first key entry.
    JwtEcdsaPrivateKey decoded =
        JwtEcdsaPrivateKey.parseFrom(
            firstKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());

    // Set custom_kid on the embedded public key, then put that public key back into the
    // private key. The key value itself is left as it was.
    CustomKid kidField = CustomKid.newBuilder().setValue(customKid).build();
    JwtEcdsaPublicKey publicWithKid =
        decoded.getPublicKey().toBuilder().setCustomKid(kidField).build();
    JwtEcdsaPrivateKey privateWithKid = decoded.toBuilder().setPublicKey(publicWithKid).build();

    // Re-wrap: serialized proto -> KeyData -> Keyset.Key -> Keyset. Only the entry at index 0
    // is replaced; any other entries of the keyset are carried over unchanged.
    KeyData rewrappedData =
        firstKey.getKeyData().toBuilder().setValue(privateWithKid.toByteString()).build();
    Keyset.Key rewrappedKey = firstKey.toBuilder().setKeyData(rewrappedData).build();
    Keyset updated = original.toBuilder().setKey(0, rewrappedKey).build();
    return CleartextKeysetHandle.fromKeyset(updated);
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtEcdsaPublicKey(com.google.crypto.tink.proto.JwtEcdsaPublicKey) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) KeyData(com.google.crypto.tink.proto.KeyData)

Example 3 with JwtEcdsaPrivateKey

use of com.google.crypto.tink.proto.JwtEcdsaPrivateKey in project tink by google.

the class JwtEcdsaSignKeyManagerTest method createKey_alwaysNewElement_ok.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void createKey_alwaysNewElement_ok(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
    // Generating a key takes about a second, so only a handful are created. This catches a
    // factory that returns the same key twice; it is a smoke test, not a measure of the
    // quality of the underlying randomness.
    int rounds = 5;
    JwtEcdsaKeyFormat keyFormat = createKeyFormat(algorithm);
    Set<String> distinctKeyValues = new TreeSet<>();
    int generated = 0;
    while (generated < rounds) {
        JwtEcdsaPrivateKey fresh = factory.createKey(keyFormat);
        // Hex-encode the private key value so duplicates collapse inside the set.
        String encoded = TestUtil.hexEncode(fresh.getKeyValue().toByteArray());
        distinctKeyValues.add(encoded);
        generated++;
    }
    // One set entry per createKey call means no two calls produced the same key value.
    assertThat(distinctKeyValues).hasSize(rounds);
}
Also used : TreeSet(java.util.TreeSet) ByteString(com.google.protobuf.ByteString) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) JwtEcdsaKeyFormat(com.google.crypto.tink.proto.JwtEcdsaKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 4 with JwtEcdsaPrivateKey

use of com.google.crypto.tink.proto.JwtEcdsaPrivateKey in project tink by google.

the class JwtEcdsaSignKeyManagerTest method getPublicKey_checkValues.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void getPublicKey_checkValues(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
    // The public key returned by the manager must equal the one embedded in the private key
    // proto that the factory just created.
    JwtEcdsaKeyFormat keyFormat = createKeyFormat(algorithm);
    JwtEcdsaPrivateKey generated = factory.createKey(keyFormat);
    JwtEcdsaPublicKey extracted = manager.getPublicKey(generated);
    JwtEcdsaPublicKey embedded = generated.getPublicKey();
    assertThat(extracted).isEqualTo(embedded);
}
Also used : JwtEcdsaPublicKey(com.google.crypto.tink.proto.JwtEcdsaPublicKey) JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) Theory(org.junit.experimental.theories.Theory)

Example 5 with JwtEcdsaPrivateKey

use of com.google.crypto.tink.proto.JwtEcdsaPrivateKey in project tink by google.

the class JwtEcdsaSignKeyManagerTest method createKeys_ok.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void createKeys_ok(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
    // Create one key for the given algorithm and let checkConsistency compare it with the
    // format it was created from.
    JwtEcdsaKeyFormat keyFormat = createKeyFormat(algorithm);
    checkConsistency(factory.createKey(keyFormat), keyFormat);
}
Also used : JwtEcdsaPrivateKey(com.google.crypto.tink.proto.JwtEcdsaPrivateKey) JwtEcdsaKeyFormat(com.google.crypto.tink.proto.JwtEcdsaKeyFormat) Theory(org.junit.experimental.theories.Theory)
