Example 1 with JwtRsaSsaPssPrivateKey

Use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in the project tink by google.

From the class JwtRsaSsaPssSignKeyManagerTest, method createKeys_ok:

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void createKeys_ok(@FromDataPoints("algorithmParam") JwtRsaSsaPssAlgorithm algorithm, int keySize) throws Exception {
    if (TestUtil.isTsan()) {
        // We do not use assume because Theories expects to find something which is not skipped.
        return;
    }
    JwtRsaSsaPssKeyFormat format = createKeyFormat(algorithm, keySize, RSAKeyGenParameterSpec.F4);
    JwtRsaSsaPssPrivateKey key = factory.createKey(format);
    checkConsistency(key, format);
    checkKey(key);
}
Also used : JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 2 with JwtRsaSsaPssPrivateKey

Use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in the project tink by google.

From the class JwtRsaSsaPssSignKeyManagerTest, method createSignVerifyTink_withDifferentHeaders:

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    // creating keys is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey keyProto = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPrivateCrtKey privateKey = createPrivateKey(keyProto);
    JwtRsaSsaPssAlgorithm algorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType hash = JwtRsaSsaPssVerifyKeyManager.hashForPssAlgorithm(algorithm);
    int saltLength = JwtRsaSsaPssVerifyKeyManager.saltLengthForPssAlgorithm(algorithm);
    // A raw PSS signer over the same private key lets the test sign tokens with
    // arbitrary (including malformed) headers, which the JWT primitive would not produce.
    RsaSsaPssSignJce rawSigner = new RsaSsaPssSignJce(privateKey, hash, hash, saltLength);
    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    String kid = JwtFormat.getKid(keyset.getKey(0).getKeyId(), keyset.getKey(0).getOutputPrefixType()).get();
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    // normal, valid token
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "PS256");
    normalHeader.addProperty("kid", kid);
    String validToken = generateSignedCompact(rawSigner, normalHeader, payload);
    verifier.verifyAndDecode(validToken, validator);
    // tokens without a "kid" are rejected, even if the signature is otherwise valid.
    JsonObject headerWithoutKid = new JsonObject();
    headerWithoutKid.addProperty("alg", "PS256");
    String tokenWithoutKid = generateSignedCompact(rawSigner, headerWithoutKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutKid, validator));
    // token without algorithm in header
    JsonObject headerWithoutAlg = new JsonObject();
    headerWithoutAlg.addProperty("kid", kid);
    String tokenWithoutAlg = generateSignedCompact(rawSigner, headerWithoutAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithoutAlg, validator));
    // invalid token with an incorrect algorithm in the header
    JsonObject headerWithBadAlg = new JsonObject();
    headerWithBadAlg.addProperty("alg", "RS256");
    headerWithBadAlg.addProperty("kid", kid);
    String tokenWithBadAlg = generateSignedCompact(rawSigner, headerWithBadAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithBadAlg, validator));
    // token with an unknown "kid" in the header is invalid
    JsonObject headerWithUnknownKid = new JsonObject();
    headerWithUnknownKid.addProperty("alg", "PS256");
    headerWithUnknownKid.addProperty("kid", "unknown");
    String tokenWithUnknownKid = generateSignedCompact(rawSigner, headerWithUnknownKid, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(tokenWithUnknownKid, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) RsaSsaPssSignJce(com.google.crypto.tink.subtle.RsaSsaPssSignJce) Enums(com.google.crypto.tink.subtle.Enums) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssAlgorithm(com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Example 3 with JwtRsaSsaPssPrivateKey

Use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in the project tink by google.

From the class JwtRsaSsaPssSignKeyManagerTest, method withCustomKid:

/* Create a new keyset handle whose first key has the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue(customKid).build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    return CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) KeyData(com.google.crypto.tink.proto.KeyData)

Example 4 with JwtRsaSsaPssPrivateKey

Use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in the project tink by google.

From the class JwtRsaSsaPssSignKeyManagerTest, method createKey_alwaysNewElement_ok:

// This test needs to create several new keys, which is expensive. Therefore, we only do it for
// one set of parameters.
@Test
public void createKey_alwaysNewElement_ok() throws Exception {
    if (TestUtil.isTsan()) {
        // We do not use assume because Theories expects to find something which is not skipped.
        return;
    }
    JwtRsaSsaPssKeyFormat format = createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4);
    Set<String> keys = new TreeSet<>();
    // Call newKey multiple times and make sure that the calls generate different keys -- takes about a
    // second per key.
    int numTests = 5;
    for (int i = 0; i < numTests; i++) {
        JwtRsaSsaPssPrivateKey key = factory.createKey(format);
        keys.add(TestUtil.hexEncode(key.getQ().toByteArray()));
        keys.add(TestUtil.hexEncode(key.getP().toByteArray()));
    }
    assertThat(keys).hasSize(2 * numTests);
}
Also used : JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) TreeSet(java.util.TreeSet) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) ByteString(com.google.protobuf.ByteString) Test(org.junit.Test)

Example 5 with JwtRsaSsaPssPrivateKey

Use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in the project tink by google.

From the class JwtRsaSsaPssSignKeyManagerTest, method signWithTinkKeyAndCustomKid_fails:

@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    // Create a new handle with the "custom_kid" value set on the public key.
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    // A key with a TINK output prefix derives its "kid" from the key ID, so a custom_kid
    // on the same key is contradictory and signing must fail.
    assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) KeyTemplate(com.google.crypto.tink.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)