use of com.google.crypto.tink.proto.JwtEcdsaPublicKey in project tink by google.
the class JwtEcdsaSignKeyManagerTest method withCustomKid.
/**
 * Returns a new keyset handle in which the first key carries the given "custom_kid" value.
 *
 * <p>Test helper. The keyset is read and rebuilt through {@code CleartextKeysetHandle}, so the
 * private key material passes through this method unencrypted. Only the entry at index 0 is
 * rewritten; every other field of the keyset is copied unchanged.
 *
 * @param keysetHandle handle whose first key value is parsed as a {@code JwtEcdsaPrivateKey}
 * @param customKid value written into the public key's {@code custom_kid} field
 * @return a handle built from the modified copy of the keyset
 * @throws Exception if the first key's value does not parse as a {@code JwtEcdsaPrivateKey}
 *     (other failure modes are not visible from this method)
 */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
  Keyset original = CleartextKeysetHandle.getKeyset(keysetHandle);
  // NOTE(review): index 0 is used rather than the primary key id; presumably callers pass
  // single-key keysets -- confirm against the call sites.
  Keyset.Key firstKey = original.getKey(0);
  KeyData firstKeyData = firstKey.getKeyData();

  JwtEcdsaPrivateKey parsedPrivate =
      JwtEcdsaPrivateKey.parseFrom(
          firstKeyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());

  // The kid lives on the public key, which is nested inside the private key proto, so the
  // public key is rebuilt first and then re-embedded.
  CustomKid kidField = CustomKid.newBuilder().setValue(customKid).build();
  JwtEcdsaPublicKey publicWithKid =
      parsedPrivate.getPublicKey().toBuilder().setCustomKid(kidField).build();
  JwtEcdsaPrivateKey privateWithKid =
      parsedPrivate.toBuilder().setPublicKey(publicWithKid).build();

  // Re-wrap the modified private key: KeyData -> Keyset.Key -> Keyset.
  KeyData rewrappedData =
      firstKeyData.toBuilder().setValue(privateWithKid.toByteString()).build();
  Keyset.Key rewrappedKey = firstKey.toBuilder().setKeyData(rewrappedData).build();
  Keyset updated = original.toBuilder().setKey(0, rewrappedKey).build();
  return CleartextKeysetHandle.fromKeyset(updated);
}
use of com.google.crypto.tink.proto.JwtEcdsaPublicKey in project tink by google.
the class JwtEcdsaSignKeyManagerTest method getPublicKey_checkValues.
// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Checks, for each parametrized algorithm, that the public key returned by the manager equals
 * the public key embedded in the freshly created private key.
 */
@Theory
public void getPublicKey_checkValues(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
  JwtEcdsaPrivateKey generated = factory.createKey(createKeyFormat(algorithm));
  JwtEcdsaPublicKey embedded = generated.getPublicKey();
  JwtEcdsaPublicKey extracted = manager.getPublicKey(generated);
  // Any difference would mean the manager alters the key it hands to verifiers.
  assertThat(extracted).isEqualTo(embedded);
}
use of com.google.crypto.tink.proto.JwtEcdsaPublicKey in project tink by google.
the class JwtEcdsaSignKeyManager method keyFactory.
/**
 * Returns the factory that validates and parses {@code JwtEcdsaKeyFormat} messages and creates
 * new {@code JwtEcdsaPrivateKey} protos from them.
 */
@Override
public KeyFactory<JwtEcdsaKeyFormat, JwtEcdsaPrivateKey> keyFactory() {
  return new KeyFactory<JwtEcdsaKeyFormat, JwtEcdsaPrivateKey>(JwtEcdsaKeyFormat.class) {
    /**
     * Validates the format by delegating the algorithm check to the verify key manager.
     *
     * @throws GeneralSecurityException propagated from the algorithm validation
     */
    @Override
    public void validateKeyFormat(JwtEcdsaKeyFormat format) throws GeneralSecurityException {
      JwtEcdsaVerifyKeyManager.validateEcdsaAlgorithm(format.getAlgorithm());
    }

    /**
     * Parses a serialized key format using an empty extension registry.
     *
     * @throws InvalidProtocolBufferException if the bytes are not a valid {@code JwtEcdsaKeyFormat}
     */
    @Override
    public JwtEcdsaKeyFormat parseKeyFormat(ByteString byteString)
        throws InvalidProtocolBufferException {
      return JwtEcdsaKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    /** Key derivation is not offered by this factory; every call throws. */
    @Override
    public JwtEcdsaPrivateKey deriveKey(JwtEcdsaKeyFormat format, InputStream inputStream) {
      throw new UnsupportedOperationException();
    }

    /**
     * Generates a fresh EC key pair on the curve selected by the format's algorithm and packs
     * it into a {@code JwtEcdsaPrivateKey} proto.
     *
     * <p>The coordinates and the private scalar are stored as the output of
     * {@code BigInteger.toByteArray()}, i.e. minimal big-endian two's-complement bytes. They
     * are therefore not fixed-width and may start with a 0x00 sign byte; code that reads these
     * fields has to accept both.
     *
     * @throws GeneralSecurityException declared for the curve lookup and key generation calls
     */
    @Override
    public JwtEcdsaPrivateKey createKey(JwtEcdsaKeyFormat format) throws GeneralSecurityException {
      JwtEcdsaAlgorithm algorithm = format.getAlgorithm();
      KeyPair generated =
          EllipticCurves.generateKeyPair(JwtEcdsaVerifyKeyManager.getCurve(algorithm));
      ECPrivateKey privatePart = (ECPrivateKey) generated.getPrivate();
      ECPublicKey publicPart = (ECPublicKey) generated.getPublic();
      ECPoint point = publicPart.getW();

      // Public half: version, algorithm and the affine point coordinates.
      ByteString x = ByteString.copyFrom(point.getAffineX().toByteArray());
      ByteString y = ByteString.copyFrom(point.getAffineY().toByteArray());
      JwtEcdsaPublicKey publicProto =
          JwtEcdsaPublicKey.newBuilder()
              .setVersion(getVersion())
              .setAlgorithm(algorithm)
              .setX(x)
              .setY(y)
              .build();

      // Private half: embeds the public proto next to the secret scalar.
      ByteString scalar = ByteString.copyFrom(privatePart.getS().toByteArray());
      return JwtEcdsaPrivateKey.newBuilder()
          .setVersion(getVersion())
          .setPublicKey(publicProto)
          .setKeyValue(scalar)
          .build();
    }

    /**
     * Returns the default templates for generating tokens with algorithms "ES256", "ES384" or
     * "ES512". Pick the template with the "_RAW" suffix to generate tokens without a "kid"
     * header.
     *
     * @return an unmodifiable map from template name to key format
     */
    @Override
    public Map<String, KeyFactory.KeyFormat<JwtEcdsaKeyFormat>> keyFormats() {
      Map<String, KeyFactory.KeyFormat<JwtEcdsaKeyFormat>> templates = new HashMap<>();
      templates.put(
          "JWT_ES256_RAW",
          createKeyFormat(JwtEcdsaAlgorithm.ES256, KeyTemplate.OutputPrefixType.RAW));
      templates.put(
          "JWT_ES256",
          createKeyFormat(JwtEcdsaAlgorithm.ES256, KeyTemplate.OutputPrefixType.TINK));
      templates.put(
          "JWT_ES384_RAW",
          createKeyFormat(JwtEcdsaAlgorithm.ES384, KeyTemplate.OutputPrefixType.RAW));
      templates.put(
          "JWT_ES384",
          createKeyFormat(JwtEcdsaAlgorithm.ES384, KeyTemplate.OutputPrefixType.TINK));
      templates.put(
          "JWT_ES512_RAW",
          createKeyFormat(JwtEcdsaAlgorithm.ES512, KeyTemplate.OutputPrefixType.RAW));
      templates.put(
          "JWT_ES512",
          createKeyFormat(JwtEcdsaAlgorithm.ES512, KeyTemplate.OutputPrefixType.TINK));
      // Callers receive a read-only view so the default templates cannot be altered.
      return Collections.unmodifiableMap(templates);
    }
  };
}
use of com.google.crypto.tink.proto.JwtEcdsaPublicKey in project tink by google.
the class JwtEcdsaSignKeyManagerTest method createCorruptedPublicKeyPrimitive_throws.
// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Checks that the sign manager refuses to build a primitive from a private key whose embedded
 * public key has a tampered X coordinate.
 */
@Theory
public void createCorruptedPublicKeyPrimitive_throws(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
  JwtEcdsaPrivateKey validKey = factory.createKey(createKeyFormat(algorithm));
  JwtEcdsaPublicKey validPub = validKey.getPublicKey();

  // Flip the lowest bit of the first X byte; Y and the private scalar stay as generated.
  byte[] tamperedX = validPub.getX().toByteArray();
  byte[] untouchedY = validPub.getY().toByteArray();
  tamperedX[0] ^= 0x01;

  JwtEcdsaPublicKey tamperedPub =
      JwtEcdsaPublicKey.newBuilder()
          .setVersion(validPub.getVersion())
          .setAlgorithm(algorithm)
          .setX(ByteString.copyFrom(tamperedX))
          .setY(ByteString.copyFrom(untouchedY))
          .build();
  JwtEcdsaPrivateKey tamperedKey =
      JwtEcdsaPrivateKey.newBuilder()
          .setVersion(validKey.getVersion())
          .setPublicKey(tamperedPub)
          .setKeyValue(validKey.getKeyValue())
          .build();

  // NOTE(review): which check rejects the key (point validation or a public/private
  // consistency check) is not visible from this test -- confirm in getPrimitive.
  assertThrows(
      GeneralSecurityException.class,
      () -> manager.getPrimitive(tamperedKey, JwtPublicKeySignInternal.class));
}
use of com.google.crypto.tink.proto.JwtEcdsaPublicKey in project tink by google.
the class JwtEcdsaVerifyKeyManagerTest method createPrimitive_anotherKey_throw.
// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
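/**
 * Checks that a token signed with one private key is rejected by a verifier built from the
 * public key of a different, independently generated key.
 *
 * <p>The token is signed before {@code assertThrows} so that only the verification step can
 * satisfy the expected {@code GeneralSecurityException}; a failure while signing now fails the
 * test instead of making it pass without exercising the verifier.
 */
@Theory
public void createPrimitive_anotherKey_throw(@FromDataPoints("parametersAlgos") JwtEcdsaAlgorithm algorithm) throws Exception {
  if (TestUtil.isTsan()) {
    // factory.createKey is too slow in Tsan.
    return;
  }
  JwtEcdsaKeyFormat keyFormat = JwtEcdsaKeyFormat.newBuilder().setAlgorithm(algorithm).build();
  JwtEcdsaPrivateKey signingKey = factory.createKey(keyFormat);
  // A second createKey call yields a different key pair; only its public half is kept.
  JwtEcdsaPublicKey unrelatedPublicKey = signManager.getPublicKey(factory.createKey(keyFormat));

  JwtPublicKeySignInternal signer =
      signManager.getPrimitive(signingKey, JwtPublicKeySignInternal.class);
  JwtPublicKeyVerifyInternal verifier =
      verifyManager.getPrimitive(unrelatedPublicKey, JwtPublicKeyVerifyInternal.class);

  // Expiration is left out of the token and allowed to be missing by the validator, so the
  // signature mismatch is the only reason left for verification to fail.
  RawJwt token = RawJwt.newBuilder().withoutExpiration().build();
  JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();

  String signedCompact = signer.signAndEncodeWithKid(token, Optional.empty());
  assertThrows(
      GeneralSecurityException.class,
      () -> verifier.verifyAndDecodeWithKid(signedCompact, validator, Optional.empty()));
}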