
Example 6 with JwtRsaSsaPssPrivateKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in project tink by google.

the class JwtRsaSsaPssVerifyKeyManagerTest method validateKey_ok.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Generates a private key for the given algorithm and modulus size, derives its public key
 * through the sign key manager, and checks that the verify key manager's {@code validateKey}
 * accepts that public key without throwing.
 */
@Theory
public void validateKey_ok(@FromDataPoints("algorithmParam") JwtRsaSsaPssAlgorithm algorithm, @FromDataPoints("size") int keySize) throws Exception {
    if (TestUtil.isTsan()) {
        // RSA key generation through factory.createKey is too slow under TSan, so stop here.
        return;
    }
    // Public exponent F4 (65537), passed as the big-endian two's-complement bytes of the BigInteger.
    ByteString publicExponent = ByteString.copyFrom(RSAKeyGenParameterSpec.F4.toByteArray());
    JwtRsaSsaPssKeyFormat.Builder formatBuilder = JwtRsaSsaPssKeyFormat.newBuilder();
    formatBuilder.setAlgorithm(algorithm);
    formatBuilder.setModulusSizeInBits(keySize);
    formatBuilder.setPublicExponent(publicExponent);
    JwtRsaSsaPssPrivateKey generatedKey = factory.createKey(formatBuilder.build());
    JwtRsaSsaPssPublicKey derivedPublicKey = signManager.getPublicKey(generatedKey);
    // No explicit assertion: the theory passes as long as validateKey does not throw.
    verifyManager.validateKey(derivedPublicKey);
}
Also used : JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 7 with JwtRsaSsaPssPrivateKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method createCorruptedModulusPrimitive_throws.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
/**
 * Builds a private key whose embedded public modulus has a single bit flipped, while d, p, q,
 * dp, dq and crt are copied unchanged, and checks that {@code manager.getPrimitive} refuses to
 * create a signer from it.
 *
 * <p>The point being pinned is that key material whose private components no longer match the
 * public modulus is rejected with a {@link GeneralSecurityException} when the primitive is
 * created, so such a key never reaches the signing path.
 */
@Theory
public void createCorruptedModulusPrimitive_throws(@FromDataPoints("algorithmParam") JwtRsaSsaPssAlgorithm algorithm, int keySize) throws Exception {
    // NOTE(review): keySize has no @FromDataPoints qualifier, unlike algorithm; confirm which
    // int data points the Theories runner supplies for it.
    if (TestUtil.isTsan()) {
        // A plain return rather than an assumption: Theories expects at least one run that is
        // not skipped.
        return;
    }
    JwtRsaSsaPssPrivateKey validKey = factory.createKey(createKeyFormat(algorithm, keySize, RSAKeyGenParameterSpec.F4));
    JwtRsaSsaPssPublicKey validPublicKey = validKey.getPublicKey();

    // Flip the lowest bit of the first byte of the serialized modulus; every other field of
    // the public and private key is carried over as generated.
    byte[] modulusBytes = validPublicKey.getN().toByteArray();
    modulusBytes[0] ^= 0x01;

    JwtRsaSsaPssPublicKey.Builder publicBuilder = JwtRsaSsaPssPublicKey.newBuilder();
    publicBuilder.setVersion(validPublicKey.getVersion());
    publicBuilder.setN(ByteString.copyFrom(modulusBytes));
    publicBuilder.setE(validPublicKey.getE());

    JwtRsaSsaPssPrivateKey.Builder privateBuilder = JwtRsaSsaPssPrivateKey.newBuilder();
    privateBuilder.setVersion(validKey.getVersion());
    privateBuilder.setPublicKey(publicBuilder.build());
    privateBuilder.setD(validKey.getD());
    privateBuilder.setP(validKey.getP());
    privateBuilder.setQ(validKey.getQ());
    privateBuilder.setDp(validKey.getDp());
    privateBuilder.setDq(validKey.getDq());
    privateBuilder.setCrt(validKey.getCrt());
    JwtRsaSsaPssPrivateKey corruptedKey = privateBuilder.build();

    assertThrows(GeneralSecurityException.class, () -> manager.getPrimitive(corruptedKey, JwtPublicKeySignInternal.class));
}
Also used : JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) ByteString(com.google.protobuf.ByteString) JwtRsaSsaPssKeyFormat(com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat) Theory(org.junit.experimental.theories.Theory)

Example 8 with JwtRsaSsaPssPrivateKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method createSignVerify_withDifferentHeaders.

/**
 * Signs tokens with a raw RSASSA-PSS signer, so that the JWT header can be chosen freely, and
 * checks which headers the keyset's {@code JwtPublicKeyVerify} primitive accepts.
 *
 * <p>Accepted: a matching "alg" with a "typ" the validator expects, and a matching "alg" with an
 * unknown "kid". Rejected: an empty header, and an "alg" ("RS256") that is a valid algorithm
 * name but not the key's own. For the accepted tokens only the absence of an exception is
 * checked; the decoded result is not inspected.
 */
@Test
public void createSignVerify_withDifferentHeaders() throws Exception {
    // Key generation is too slow under TSan.
    assumeFalse(TestUtil.isTsan());

    KeyTemplate rawPs256Template = KeyTemplates.get("JWT_PS256_2048_F4_RAW");
    KeysetHandle handle = KeysetHandle.generateNew(rawPs256Template);

    // CleartextKeysetHandle hands out the unencrypted private key material. It is used here
    // only so the test can rebuild the key as a JCE RSAPrivateCrtKey and sign arbitrary headers.
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey keyProto = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPrivateCrtKey jcePrivateKey = createPrivateKey(keyProto);

    // Derive the PSS parameters from the key's own algorithm; the same hash is passed for both
    // hash arguments of the raw signer.
    JwtRsaSsaPssAlgorithm keyAlgorithm = keyProto.getPublicKey().getAlgorithm();
    Enums.HashType pssHash = JwtRsaSsaPssVerifyKeyManager.hashForPssAlgorithm(keyAlgorithm);
    int pssSaltLength = JwtRsaSsaPssVerifyKeyManager.saltLengthForPssAlgorithm(keyAlgorithm);
    RsaSsaPssSignJce rawSigner = new RsaSsaPssSignJce(jcePrivateKey, pssHash, pssHash, pssSaltLength);

    JwtPublicKeyVerify verifier = handle.getPublicKeysetHandle().getPrimitive(JwtPublicKeyVerify.class);
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();

    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");

    // Valid token: "alg" matches the key and "typ" matches what the validator expects.
    JsonObject goodHeader = new JsonObject();
    goodHeader.addProperty("alg", "PS256");
    goodHeader.addProperty("typ", "typeHeader");
    String goodSignedCompact = generateSignedCompact(rawSigner, goodHeader, payload);
    JwtValidator typeCheckingValidator = JwtValidator.newBuilder().expectTypeHeader("typeHeader").allowMissingExpiration().build();
    verifier.verifyAndDecode(goodSignedCompact, typeCheckingValidator);

    // Invalid token: the header is empty, so it carries no "alg" at all.
    JsonObject emptyHeader = new JsonObject();
    String emptyHeaderSignedCompact = generateSignedCompact(rawSigner, emptyHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(emptyHeaderSignedCompact, validator));

    // Invalid token: "RS256" is a well-formed algorithm name but not this key's algorithm. The
    // signature itself comes from the correct key, so the rejection is on the header alone;
    // the token does not get to choose how it is verified.
    JsonObject badAlgoHeader = new JsonObject();
    badAlgoHeader.addProperty("alg", "RS256");
    String badAlgoSignedCompact = generateSignedCompact(rawSigner, badAlgoHeader, payload);
    assertThrows(GeneralSecurityException.class, () -> verifier.verifyAndDecode(badAlgoSignedCompact, validator));

    // Valid token: an unknown "kid" in the header is accepted.
    // NOTE(review): presumably because the keyset uses the RAW template variant; confirm.
    JsonObject unknownKidHeader = new JsonObject();
    unknownKidHeader.addProperty("alg", "PS256");
    unknownKidHeader.addProperty("kid", "unknown");
    String unknownKidSignedCompact = generateSignedCompact(rawSigner, unknownKidHeader, payload);
    verifier.verifyAndDecode(unknownKidSignedCompact, validator);
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) JsonObject(com.google.gson.JsonObject) ByteString(com.google.protobuf.ByteString) RsaSsaPssSignJce(com.google.crypto.tink.subtle.RsaSsaPssSignJce) Enums(com.google.crypto.tink.subtle.Enums) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) JwtRsaSsaPssAlgorithm(com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)

Aggregations

JwtRsaSsaPssPrivateKey (com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey)8 JwtRsaSsaPssKeyFormat (com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat)4 JwtRsaSsaPssPublicKey (com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey)4 Keyset (com.google.crypto.tink.proto.Keyset)4 ByteString (com.google.protobuf.ByteString)4 Test (org.junit.Test)4 CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)3 KeyTemplate (com.google.crypto.tink.KeyTemplate)3 KeysetHandle (com.google.crypto.tink.KeysetHandle)3 Theory (org.junit.experimental.theories.Theory)3 JwtRsaSsaPssAlgorithm (com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm)2 KeyData (com.google.crypto.tink.proto.KeyData)2 Enums (com.google.crypto.tink.subtle.Enums)2 RsaSsaPssSignJce (com.google.crypto.tink.subtle.RsaSsaPssSignJce)2 JsonObject (com.google.gson.JsonObject)2 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)2 TreeSet (java.util.TreeSet)1