Examples with JwtRsaSsaPssPublicKey com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey used on opensource projects

Example 1 with JwtRsaSsaPssPublicKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey in project tink by google.

the class JwtRsaSsaPssSignKeyManager method keyFactory.

@Override
public KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey> keyFactory() {
    return new KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey>(JwtRsaSsaPssKeyFormat.class) {

        @Override
        public void validateKeyFormat(JwtRsaSsaPssKeyFormat keyFormat) throws GeneralSecurityException {
            Validators.validateRsaModulusSize(keyFormat.getModulusSizeInBits());
            Validators.validateRsaPublicExponent(new BigInteger(1, keyFormat.getPublicExponent().toByteArray()));
        }

        @Override
        public JwtRsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return JwtRsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override
        public JwtRsaSsaPssPrivateKey deriveKey(JwtRsaSsaPssKeyFormat format, InputStream inputStream) {
            throw new UnsupportedOperationException();
        }

        @Override
        public JwtRsaSsaPssPrivateKey createKey(JwtRsaSsaPssKeyFormat format) throws GeneralSecurityException {
            JwtRsaSsaPssAlgorithm algorithm = format.getAlgorithm();
            KeyPairGenerator keyGen = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
            RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(format.getModulusSizeInBits(), new BigInteger(1, format.getPublicExponent().toByteArray()));
            keyGen.initialize(spec);
            KeyPair keyPair = keyGen.generateKeyPair();
            RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateCrtKey privKey = (RSAPrivateCrtKey) keyPair.getPrivate();
            // Creates JwtRsaSsaPssPublicKey.
            JwtRsaSsaPssPublicKey pssPubKey = JwtRsaSsaPssPublicKey.newBuilder().setVersion(getVersion()).setAlgorithm(algorithm).setE(ByteString.copyFrom(pubKey.getPublicExponent().toByteArray())).setN(ByteString.copyFrom(pubKey.getModulus().toByteArray())).build();
            // Creates JwtRsaSsaPssPrivateKey.
            return JwtRsaSsaPssPrivateKey.newBuilder().setVersion(getVersion()).setPublicKey(pssPubKey).setD(ByteString.copyFrom(privKey.getPrivateExponent().toByteArray())).setP(ByteString.copyFrom(privKey.getPrimeP().toByteArray())).setQ(ByteString.copyFrom(privKey.getPrimeQ().toByteArray())).setDp(ByteString.copyFrom(privKey.getPrimeExponentP().toByteArray())).setDq(ByteString.copyFrom(privKey.getPrimeExponentQ().toByteArray())).setCrt(ByteString.copyFrom(privKey.getCrtCoefficient().toByteArray())).build();
        }

        /**
         * List of default templates to generate tokens with algorithms "PS256", "PS384" or "PS512".
         * Use the template with the "_RAW" suffix if you want to generate tokens without a "kid"
         * header.
         */
        @Override
        public Map<String, KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat>> keyFormats() {
            Map<String, KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat>> result = new HashMap<>();
            result.put("JWT_PS256_2048_F4_RAW", createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            result.put("JWT_PS256_2048_F4", createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 2048, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));
            result.put("JWT_PS256_3072_F4_RAW", createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            result.put("JWT_PS256_3072_F4", createKeyFormat(JwtRsaSsaPssAlgorithm.PS256, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));
            result.put("JWT_PS384_3072_F4_RAW", createKeyFormat(JwtRsaSsaPssAlgorithm.PS384, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            result.put("JWT_PS384_3072_F4", createKeyFormat(JwtRsaSsaPssAlgorithm.PS384, 3072, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));
            result.put("JWT_PS512_4096_F4_RAW", createKeyFormat(JwtRsaSsaPssAlgorithm.PS512, 4096, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.RAW));
            result.put("JWT_PS512_4096_F4", createKeyFormat(JwtRsaSsaPssAlgorithm.PS512, 4096, RSAKeyGenParameterSpec.F4, KeyTemplate.OutputPrefixType.TINK));
            return Collections.unmodifiableMap(result);
        }
    };
}

Example 2 with JwtRsaSsaPssPublicKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method withCustomKid.

/* Create a new keyset handle with the "custom_kid" value set. */
private KeysetHandle withCustomKid(KeysetHandle keysetHandle, String customKid) throws Exception {
    Keyset keyset = CleartextKeysetHandle.getKeyset(keysetHandle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue(customKid).build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    return CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
}

Example 3 with JwtRsaSsaPssPublicKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method checkKey.

private static void checkKey(JwtRsaSsaPssPrivateKey privateKey) throws Exception {
    JwtRsaSsaPssPublicKey publicKey = privateKey.getPublicKey();
    assertThat(privateKey.getVersion()).isEqualTo(0);
    assertThat(publicKey.getVersion()).isEqualTo(privateKey.getVersion());
    BigInteger p = new BigInteger(1, privateKey.getP().toByteArray());
    BigInteger q = new BigInteger(1, privateKey.getQ().toByteArray());
    BigInteger n = new BigInteger(1, privateKey.getPublicKey().getN().toByteArray());
    BigInteger d = new BigInteger(1, privateKey.getD().toByteArray());
    BigInteger dp = new BigInteger(1, privateKey.getDp().toByteArray());
    BigInteger dq = new BigInteger(1, privateKey.getDq().toByteArray());
    BigInteger crt = new BigInteger(1, privateKey.getCrt().toByteArray());
    assertThat(p).isGreaterThan(BigInteger.ONE);
    assertThat(q).isGreaterThan(BigInteger.ONE);
    assertEquals(n, p.multiply(q));
    assertEquals(dp, d.mod(p.subtract(BigInteger.ONE)));
    assertEquals(dq, d.mod(q.subtract(BigInteger.ONE)));
    assertEquals(crt, q.modInverse(p));
}

Example 4 with JwtRsaSsaPssPublicKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey in project tink by google.

the class JwtRsaSsaPssSignKeyManagerTest method signWithTinkKeyAndCustomKid_fails.

@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    // Create a new handle with the "kid" value set.
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
}

Example 5 with JwtRsaSsaPssPublicKey

use of com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey in project tink by google.

the class JwtRsaSsaPssVerifyKeyManagerTest method validateKey_ok.

// Note: we use Theory as a parametrized test -- different from what the Theory framework intends.
@Theory
public void validateKey_ok(@FromDataPoints("algorithmParam") JwtRsaSsaPssAlgorithm algorithm, @FromDataPoints("size") int keySize) throws Exception {
    if (TestUtil.isTsan()) {
        // factory.createKey is too slow in Tsan.
        return;
    }
    JwtRsaSsaPssKeyFormat keyFormat = JwtRsaSsaPssKeyFormat.newBuilder().setAlgorithm(algorithm).setModulusSizeInBits(keySize).setPublicExponent(ByteString.copyFrom(RSAKeyGenParameterSpec.F4.toByteArray())).build();
    JwtRsaSsaPssPrivateKey privateKey = factory.createKey(keyFormat);
    JwtRsaSsaPssPublicKey publicKey = signManager.getPublicKey(privateKey);
    verifyManager.validateKey(publicKey);
}