
Example 1 with JwtRsaSsaPssKeyFormat

use of com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat in project tink by google.

the class JwtRsaSsaPssSignKeyManager method keyFactory.

/**
 * Returns the factory that validates {@link JwtRsaSsaPssKeyFormat} messages and generates fresh
 * RSA key pairs, packaged as {@link JwtRsaSsaPssPrivateKey} protos.
 */
@Override
public KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey> keyFactory() {
    return new KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey>(JwtRsaSsaPssKeyFormat.class) {

        /**
         * Checks the requested modulus size and public exponent.
         *
         * <p>The accepted limits live in {@code Validators}; they are not visible in this method.
         *
         * @throws GeneralSecurityException if either check rejects the format
         */
        @Override
        public void validateKeyFormat(JwtRsaSsaPssKeyFormat keyFormat) throws GeneralSecurityException {
            int modulusBits = keyFormat.getModulusSizeInBits();
            Validators.validateRsaModulusSize(modulusBits);
            // Signum 1: the serialized bytes are read as an unsigned big-endian magnitude, so a
            // set high bit can never turn the exponent negative.
            BigInteger exponent = new BigInteger(1, keyFormat.getPublicExponent().toByteArray());
            Validators.validateRsaPublicExponent(exponent);
        }

        /**
         * Parses a serialized key format.
         *
         * @throws InvalidProtocolBufferException if the bytes are not a valid message
         */
        @Override
        public JwtRsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            // An empty registry means no proto extensions are resolved while parsing.
            ExtensionRegistryLite noExtensions = ExtensionRegistryLite.getEmptyRegistry();
            return JwtRsaSsaPssKeyFormat.parseFrom(byteString, noExtensions);
        }

        /** Not supported: this factory only creates keys through {@link #createKey}. */
        @Override
        public JwtRsaSsaPssPrivateKey deriveKey(JwtRsaSsaPssKeyFormat format, InputStream inputStream) {
            throw new UnsupportedOperationException();
        }

        /**
         * Generates a new RSA key pair with the modulus size and public exponent from
         * {@code format} and returns it as a private-key proto that embeds the public key.
         *
         * @throws GeneralSecurityException if the generator cannot be obtained or initialized
         */
        @Override
        public JwtRsaSsaPssPrivateKey createKey(JwtRsaSsaPssKeyFormat format) throws GeneralSecurityException {
            // NOTE(review): this method does not call validateKeyFormat itself; presumably the
            // caller validates the format first -- confirm before invoking it directly.
            JwtRsaSsaPssAlgorithm algorithm = format.getAlgorithm();

            KeyPairGenerator generator = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
            int modulusBits = format.getModulusSizeInBits();
            BigInteger requestedExponent = new BigInteger(1, format.getPublicExponent().toByteArray());
            generator.initialize(new RSAKeyGenParameterSpec(modulusBits, requestedExponent));
            KeyPair generated = generator.generateKeyPair();

            // These casts assume the selected provider returns CRT-capable RSA keys; any other key
            // class fails here with a ClassCastException.
            RSAPublicKey rsaPublic = (RSAPublicKey) generated.getPublic();
            RSAPrivateCrtKey rsaPrivate = (RSAPrivateCrtKey) generated.getPrivate();

            // BigInteger.toByteArray() yields big-endian two's complement, so a leading 0x00 sign
            // byte may be present; readers should decode with new BigInteger(1, bytes).
            ByteString publicExponent = ByteString.copyFrom(rsaPublic.getPublicExponent().toByteArray());
            ByteString modulus = ByteString.copyFrom(rsaPublic.getModulus().toByteArray());
            JwtRsaSsaPssPublicKey publicProto =
                JwtRsaSsaPssPublicKey.newBuilder()
                    .setVersion(getVersion())
                    .setAlgorithm(algorithm)
                    .setE(publicExponent)
                    .setN(modulus)
                    .build();

            // Each private component passes through a temporary byte[] that is copied into the
            // ByteString and never cleared, so the secret values remain on the heap until collected.
            return JwtRsaSsaPssPrivateKey.newBuilder()
                .setVersion(getVersion())
                .setPublicKey(publicProto)
                .setD(ByteString.copyFrom(rsaPrivate.getPrivateExponent().toByteArray()))
                .setP(ByteString.copyFrom(rsaPrivate.getPrimeP().toByteArray()))
                .setQ(ByteString.copyFrom(rsaPrivate.getPrimeQ().toByteArray()))
                .setDp(ByteString.copyFrom(rsaPrivate.getPrimeExponentP().toByteArray()))
                .setDq(ByteString.copyFrom(rsaPrivate.getPrimeExponentQ().toByteArray()))
                .setCrt(ByteString.copyFrom(rsaPrivate.getCrtCoefficient().toByteArray()))
                .build();
        }

        /**
         * Returns the default templates for the "PS256", "PS384" and "PS512" algorithms as an
         * unmodifiable map keyed by template name.
         *
         * <p>Every template uses the F4 public exponent. Names ending in "_RAW" use
         * {@code OutputPrefixType.RAW} and are meant for tokens without a "kid" header; the
         * others use {@code OutputPrefixType.TINK}.
         */
        @Override
        public Map<String, KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat>> keyFormats() {
            Map<String, KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat>> templates = new HashMap<>();

            // PS256 with a 2048-bit modulus.
            templates.put(
                "JWT_PS256_2048_F4_RAW",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            templates.put(
                "JWT_PS256_2048_F4",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));

            // PS256 with a 3072-bit modulus.
            templates.put(
                "JWT_PS256_3072_F4_RAW",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            templates.put(
                "JWT_PS256_3072_F4",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));

            // PS384 with a 3072-bit modulus.
            templates.put(
                "JWT_PS384_3072_F4_RAW",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS384, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            templates.put(
                "JWT_PS384_3072_F4",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS384, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));

            // PS512 with a 4096-bit modulus.
            templates.put(
                "JWT_PS512_4096_F4_RAW",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS512, 4096, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            templates.put(
                "JWT_PS512_4096_F4",
                createKeyFormat(JwtRsaSsaPssAlgorithm.PS512, 4096, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));

            return Collections.unmodifiableMap(templates);
        }
    };
}
Also used : KeyPair(java.security.KeyPair) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) HashMap(java.util.HashMap) ByteString(com.google.protobuf.ByteString) InputStream(java.io.InputStream) RSAKeyGenParameterSpec(java.security.spec.RSAKeyGenParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) ByteString(com.google.protobuf.ByteString) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) RSAPublicKey(java.security.interfaces.RSAPublicKey) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) JwtRsaSsaPssAlgorithm(com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm) BigInteger(java.math.BigInteger)

Example 2 with JwtRsaSsaPssKeyFormat

use of com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method createKeys_ok.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Creates a key for the supplied algorithm and key size, using the F4 public exponent, and runs
 * the shared {@code checkConsistency} and {@code checkKey} assertions on the result.
 */
@Theory
public void createKeys_ok(@FromDataPoints("algorithmParam") JwtRsaSsaPssAlgorithm algorithm, int keySize) throws Exception {
    // When TestUtil.isTsan() is true the body is skipped by plain control flow, not by an
    // assumption, because Theories expects to find at least one case that is not skipped.
    if (!TestUtil.isTsan()) {
        JwtRsaSsaPssKeyFormat requested = createKeyFormat(algorithm, keySize, RSAKeyGenParameterSpec.F4);
        JwtRsaSsaPssPrivateKey generated = factory.createKey(requested);
        checkConsistency(generated, requested);
        checkKey(generated);
    }
}
Also used : JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 3 with JwtRsaSsaPssKeyFormat

use of com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method invalidKeyFormat_smallPublicExponents_throw.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Expects {@code validateKeyFormat} to reject a key format whose public exponent is F4 - 1.
 */
@Theory
public void invalidKeyFormat_smallPublicExponents_throw(JwtRsaSsaPssAlgorithm algorithm, int keySize) throws GeneralSecurityException {
    // F4 - 1 = 65536 is even as well as smaller than F4, so this case alone does not show which
    // of the two properties the validator rejects.
    BigInteger belowF4 = RSAKeyGenParameterSpec.F4.subtract(BigInteger.ONE);
    JwtRsaSsaPssKeyFormat rejected = createKeyFormat(algorithm, keySize, belowF4);
    assertThrows(GeneralSecurityException.class, () -> factory.validateKeyFormat(rejected));
}
Also used : JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 4 with JwtRsaSsaPssKeyFormat

use of com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method createKey_alwaysNewElement_ok.

// This test needs to create several new keys, which is expensive. Therefore, we only do it for
// one set of parameters.
/**
 * Creates several keys from one PS256 / 2048-bit / F4 format and checks that no prime factor
 * appears twice.
 *
 * <p>This only catches a generator that repeats its output; it is not a statistical test of the
 * randomness source.
 */
@Test
public void createKey_alwaysNewElement_ok() throws Exception {
    if (TestUtil.isTsan()) {
        // Skipped by returning early rather than through an assumption.
        return;
    }
    JwtRsaSsaPssKeyFormat format = createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4);
    // Key generation takes about a second per key, so the number of rounds stays small.
    final int rounds = 5;
    Set<String> distinctPrimes = new TreeSet<>();
    int round = 0;
    while (round < rounds) {
        JwtRsaSsaPssPrivateKey generated = factory.createKey(format);
        String primeQ = TestUtil.hexEncode(generated.getQ().toByteArray());
        distinctPrimes.add(primeQ);
        String primeP = TestUtil.hexEncode(generated.getP().toByteArray());
        distinctPrimes.add(primeP);
        round++;
    }
    // Two primes per key: a smaller set means some prime was produced more than once.
    assertThat(distinctPrimes).hasSize(2 * rounds);
}
Also used : JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) TreeSet(java.util.TreeSet) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) ByteString(com.google.protobuf.ByteString) Test(org.junit.Test)

Example 5 with JwtRsaSsaPssKeyFormat

use of com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method checkTemplate.

/**
 * Asserts that {@code template} carries this key manager's key type and that its serialized key
 * format holds the expected algorithm, modulus size and public exponent.
 *
 * @param template the key template under test
 * @param algorithm the expected JWT RSASSA-PSS algorithm
 * @param moduloSize the expected modulus size in bits
 * @param publicExponent the expected public exponent
 * @throws Exception if the template value cannot be parsed as a key format
 */
private static void checkTemplate(KeyTemplate template, JwtRsaSsaPssAlgorithm algorithm, int moduloSize, int publicExponent) throws Exception {
    assertThat(template.getTypeUrl()).isEqualTo(new JwtRsaSsaPssSignKeyManager().getKeyType());

    // Parsed with an empty registry, so no proto extensions are resolved.
    JwtRsaSsaPssKeyFormat parsed =
        JwtRsaSsaPssKeyFormat.parseFrom(template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(parsed.getAlgorithm()).isEqualTo(algorithm);
    assertThat(parsed.getModulusSizeInBits()).isEqualTo(moduloSize);

    // Decode the exponent bytes as an unsigned magnitude before comparing numerically.
    BigInteger actualExponent = new BigInteger(1, parsed.getPublicExponent().toByteArray());
    BigInteger expectedExponent = BigInteger.valueOf(publicExponent);
    assertThat(actualExponent).isEqualTo(expectedExponent);
}
Also used : JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) BigInteger(java.math.BigInteger)

Aggregations

JwtRsaSsaPssKeyFormat (com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat)9 Theory (org.junit.experimental.theories.Theory)5 JwtRsaSsaPssPrivateKey (com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey)4 JwtRsaSsaPssPublicKey (com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey)3 ByteString (com.google.protobuf.ByteString)3 BigInteger (java.math.BigInteger)2 Test (org.junit.Test)2 JwtRsaSsaPssAlgorithm (com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm)1 InputStream (java.io.InputStream)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 RSAKeyGenParameterSpec (java.security.spec.RSAKeyGenParameterSpec)1 HashMap (java.util.HashMap)1 TreeSet (java.util.TreeSet)1