
Example 46 with KeyData

use of com.google.crypto.tink.proto.KeyData in project tink by google.

the class RegistryTest method testGetPrimitives_KeysetWithDisabledPrimaryKey_shouldThrowException.

/**
 * Checks that {@code Registry.getPrimitives} rejects a keyset whose primary key id points at a
 * key with status DISABLED, and that the failure is a {@link GeneralSecurityException} carrying
 * the "keyset doesn't contain a valid primary key" message.
 */
@Test
public void testGetPrimitives_KeysetWithDisabledPrimaryKey_shouldThrowException() throws Exception {
    // Single HMAC key, marked DISABLED, that is nevertheless named as the primary (id 1).
    KeyData hmacKeyData = Registry.newKeyData(MacKeyTemplates.HMAC_SHA256_128BITTAG);
    Keyset.Key disabledPrimary =
        Keyset.Key.newBuilder()
            .setKeyData(hmacKeyData)
            .setKeyId(1)
            .setStatus(KeyStatusType.DISABLED)
            .setOutputPrefixType(OutputPrefixType.TINK)
            .build();
    Keyset keysetWithDisabledPrimary =
        Keyset.newBuilder().addKey(disabledPrimary).setPrimaryKeyId(1).build();
    KeysetHandle handle = KeysetHandle.fromKeyset(keysetWithDisabledPrimary);

    try {
        Registry.getPrimitives(handle);
        // Reaching this line means the disabled primary was accepted, which is the failure case.
        fail("Invalid keyset. Expect GeneralSecurityException");
    } catch (GeneralSecurityException expected) {
        assertExceptionContains(expected, "keyset doesn't contain a valid primary key");
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 47 with KeyData

use of com.google.crypto.tink.proto.KeyData in project tink by google.

the class JwkSetConverter method toPublicKeysetHandle.

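/**
 * Converts a JSON Web Key (JWK) set with public keys into a Tink KeysetHandle.
 *
 * <p>It requires that all keys in the set have the "alg" field set. The currently supported
 * algorithms are ES256, ES384, ES512, RS256, RS384, RS512, PS256, PS384 and PS512. JWK is defined
 * in https://www.rfc-editor.org/rfc/rfc7517.txt.
 *
 * <p>A JWK set is typically obtained from another party, so the input is handled as untrusted:
 * it is parsed in strict (non-lenient) mode, and a missing or non-array "keys" member, a key
 * entry that is not a JSON object, or an "alg" value shorter than two characters is reported as
 * an {@link IOException} instead of escaping as an unchecked exception.
 *
 * <p>Every converted key is added with the RAW output prefix, and the first key of the set
 * becomes the primary key of the returned handle.
 *
 * @param jwkSet the JWK set, serialized as JSON
 * @return a handle over the public keys found in {@code jwkSet}
 * @throws IOException if {@code jwkSet} is not valid JSON, has no "keys" array, contains a key
 *     entry that is not an object, names an unsupported "alg", or contains no keys at all
 * @throws GeneralSecurityException propagated from the key conversion helpers and keyset
 *     operations called here
 */
public static KeysetHandle toPublicKeysetHandle(String jwkSet) throws IOException, GeneralSecurityException {
    JsonObject jsonKeyset;
    try {
        JsonReader jsonReader = new JsonReader(new StringReader(jwkSet));
        // Strict parsing: do not accept the relaxed syntax a lenient reader would tolerate.
        jsonReader.setLenient(false);
        jsonKeyset = Streams.parse(jsonReader).getAsJsonObject();
    } catch (IllegalStateException | JsonParseException | StackOverflowError ex) {
        // IllegalStateException covers a top-level value that is not an object. StackOverflowError
        // is caught as well, presumably so that very deeply nested input fails as a parse error.
        throw new IOException("JWK set is invalid JSON", ex);
    }
    // JsonObject.get returns null for an absent member; check presence and type explicitly so
    // malformed input cannot surface as NullPointerException or IllegalStateException.
    JsonElement keysElement = jsonKeyset.get("keys");
    if (keysElement == null || !keysElement.isJsonArray()) {
        throw new IOException("JWK set does not contain a \"keys\" array");
    }
    KeysetManager manager = KeysetManager.withEmptyKeyset();
    for (JsonElement element : keysElement.getAsJsonArray()) {
        if (!element.isJsonObject()) {
            throw new IOException("JWK set contains a key that is not a JSON object");
        }
        JsonObject jsonKey = element.getAsJsonObject();
        String alg = getStringItem(jsonKey, "alg");
        // substring(0, 2) below would throw StringIndexOutOfBoundsException on a shorter value.
        if (alg.length() < 2) {
            throw new IOException("unexpected alg value: " + alg);
        }
        // NOTE(review): dispatch is on the two-character family prefix only; the full "alg"
        // value is presumably validated inside the convertTo* helpers - confirm.
        KeyData keyData;
        switch (alg.substring(0, 2)) {
            case "RS":
                keyData = convertToRsaSsaPkcs1Key(jsonKey);
                break;
            case "PS":
                keyData = convertToRsaSsaPssKey(jsonKey);
                break;
            case "ES":
                keyData = convertToEcdsaKey(jsonKey);
                break;
            default:
                throw new IOException("unexpected alg value: " + alg);
        }
        manager.add(KeyHandle.createFromKey(new ProtoKey(keyData, com.google.crypto.tink.KeyTemplate.OutputPrefixType.RAW), KeyAccess.publicAccess()));
    }
    KeysetInfo info = manager.getKeysetHandle().getKeysetInfo();
    if (info.getKeyInfoCount() <= 0) {
        throw new IOException("empty keyset");
    }
    // The first key in the set is made primary.
    manager.setPrimary(info.getKeyInfo(0).getKeyId());
    return manager.getKeysetHandle();
}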
Also used : JsonObject(com.google.gson.JsonObject) IOException(java.io.IOException) ByteString(com.google.protobuf.ByteString) JsonParseException(com.google.gson.JsonParseException) KeysetInfo(com.google.crypto.tink.proto.KeysetInfo) JsonArray(com.google.gson.JsonArray) KeysetManager(com.google.crypto.tink.KeysetManager) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) JsonElement(com.google.gson.JsonElement) StringReader(java.io.StringReader) JsonReader(com.google.gson.stream.JsonReader) KeyData(com.google.crypto.tink.proto.KeyData)

Example 48 with KeyData

use of com.google.crypto.tink.proto.KeyData in project tink by google.

the class SignaturePemKeysetReaderTest method read_onePEM_oneRSAPublicKey_oneECPublicKey_eCPublicKeyShouldBeIgnored.

/**
 * Reads one PEM blob that holds an RSA public key followed by an EC public key, declared as
 * {@code RSA_PSS_2048_SHA256}. The resulting keyset must contain only the RSA key: the key type
 * declared by the caller decides what is imported, and the EC key is left out.
 */
@Test
public void read_onePEM_oneRSAPublicKey_oneECPublicKey_eCPublicKeyShouldBeIgnored() throws Exception {
    // First PEM section: RSA public key. Second PEM section: EC public key.
    String pemWithRsaAndEcKeys =
        "-----BEGIN PUBLIC KEY-----\n"
            + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n"
            + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n"
            + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n"
            + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n"
            + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n"
            + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n"
            + "wQIDAQAB\n"
            + "-----END PUBLIC KEY-----\n"
            + "-----BEGIN PUBLIC KEY-----\n"
            + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n"
            + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n"
            + "-----END PUBLIC KEY-----\n";

    KeysetReader reader =
        SignaturePemKeysetReader.newBuilder()
            .addPem(pemWithRsaAndEcKeys, PemKeyType.RSA_PSS_2048_SHA256)
            .build();
    Keyset keyset = reader.read();
    Keyset.Key onlyKey = keyset.getKey(0);
    KeyData onlyKeyData = onlyKey.getKeyData();
    RsaSsaPssPublicKey pssProto =
        RsaSsaPssPublicKey.parseFrom(
            onlyKeyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    // Reference key parsed straight from the same PEM text, used for modulus and exponent.
    RSAPublicKey referenceKey =
        (RSAPublicKey)
            PemKeyType.RSA_PSS_2048_SHA256.readKey(
                new BufferedReader(new StringReader(pemWithRsaAndEcKeys)));

    // Keyset shape: exactly one enabled key with RAW prefix, and it is the primary.
    assertThat(keyset.getKeyCount()).isEqualTo(1);
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(onlyKey.getKeyId());
    assertThat(onlyKey.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(onlyKey.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);

    // Key data: RSA-SSA-PSS verification key holding public material only.
    assertThat(onlyKeyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(onlyKeyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);

    // Parameters follow the declared PemKeyType, not anything found in the PEM.
    assertThat(pssProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(pssProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(pssProto.getParams().getSaltLength()).isEqualTo(32);

    // Modulus and exponent are compared in their unsigned big-endian encoding.
    assertThat(pssProto.getN().toByteArray())
        .isEqualTo(SigUtil.toUnsignedIntByteString(referenceKey.getModulus()).toByteArray());
    assertThat(pssProto.getE().toByteArray())
        .isEqualTo(
            SigUtil.toUnsignedIntByteString(referenceKey.getPublicExponent()).toByteArray());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) RsaSsaPssPublicKey(com.google.crypto.tink.proto.RsaSsaPssPublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeysetReader(com.google.crypto.tink.KeysetReader) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 49 with KeyData

use of com.google.crypto.tink.proto.KeyData in project tink by google.

the class SignaturePemKeysetReaderTest method read_ensureUnsignedIntRepresentation.

/**
 * Checks that the X coordinate of an imported P-256 public key is stored as the plain unsigned
 * big-endian value. The expected X is 32 bytes long and starts with 0xD4 (top bit set), so a
 * signed two's-complement encoding would carry an extra leading zero byte and fail the check.
 */
@Test
public void read_ensureUnsignedIntRepresentation() throws Exception {
    String ecPem =
        "-----BEGIN PUBLIC KEY-----\n"
            + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1M5IlCiYLvNDGG65DmoErfQTZjWa\n"
            + "UI/nrGayg/BmQa4f9db4zQRCc5IwErn3JtlLDAxQ8fXUoy99klswBEMZ/A==\n"
            + "-----END PUBLIC KEY-----";

    KeysetReader reader =
        SignaturePemKeysetReader.newBuilder().addPem(ecPem, PemKeyType.ECDSA_P256_SHA256).build();
    Keyset keyset = reader.read();
    Keyset.Key firstKey = keyset.getKey(0);
    KeyData firstKeyData = firstKey.getKeyData();
    EcdsaPublicKey ecdsaProto =
        EcdsaPublicKey.parseFrom(
            firstKeyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());

    assertThat(ecdsaProto.getX().toByteArray())
        .isEqualTo(
            TestUtil.hexDecode("D4CE489428982EF343186EB90E6A04ADF41366359A508FE7AC66B283F06641AE"));
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) KeysetReader(com.google.crypto.tink.KeysetReader) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 50 with KeyData

use of com.google.crypto.tink.proto.KeyData in project tink by google.

the class SignaturePemKeysetReaderTest method read_twoPEMs_oneRSAPublicKey_oneECPublicKey_shouldWork.

/**
 * Adds two PEM blobs to one reader, an RSA public key declared as {@code RSA_PSS_2048_SHA256}
 * and an EC public key declared as {@code ECDSA_P256_SHA256}, and checks that both are imported
 * in order: each enabled, RAW-prefixed and public-only, with the first key as primary.
 */
@Test
public void read_twoPEMs_oneRSAPublicKey_oneECPublicKey_shouldWork() throws Exception {
    String rsaPem =
        "-----BEGIN PUBLIC KEY-----\n"
            + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv90Xf/NN1lRGBofJQzJf\n"
            + "lHvo6GAf25GGQGaMmD9T1ZP71CCbJ69lGIS/6akFBg6ECEHGM2EZ4WFLCdr5byUq\n"
            + "GCf4mY4WuOn+AcwzwAoDz9ASIFcQOoPclO7JYdfo2SOaumumdb5S/7FkKJ70TGYW\n"
            + "j9aTOYWsCcaojbjGDY/JEXz3BSRIngcgOvXBmV1JokcJ/LsrJD263WE9iUknZDhB\n"
            + "K7y4ChjHNqL8yJcw/D8xLNiJtIyuxiZ00p/lOVUInr8C/a2C1UGCgEGuXZAEGAdO\n"
            + "NVez52n5TLvQP3hRd4MTi7YvfhezRcA4aXyIDOv+TYi4p+OVTYQ+FMbkgoWBm5bq\n"
            + "wQIDAQAB\n"
            + "-----END PUBLIC KEY-----\n";
    String ecPem =
        "-----BEGIN PUBLIC KEY-----\n"
            + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7BiT5K5pivl4Qfrt9hRhRREMUzj/\n"
            + "8suEJ7GlMxZfvdcpbi/GhYPuJi8Gn2H1NaMJZcLZo5MLPKyyGT5u3u1VBQ==\n"
            + "-----END PUBLIC KEY-----\n";

    KeysetReader reader =
        SignaturePemKeysetReader.newBuilder()
            .addPem(rsaPem, PemKeyType.RSA_PSS_2048_SHA256)
            .addPem(ecPem, PemKeyType.ECDSA_P256_SHA256)
            .build();
    Keyset keyset = reader.read();
    assertThat(keyset.getKeyCount()).isEqualTo(2);

    // --- First key: the RSA-SSA-PSS public key, which must also be the primary. ---
    Keyset.Key rsaEntry = keyset.getKey(0);
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(rsaEntry.getKeyId());
    KeyData rsaKeyData = rsaEntry.getKeyData();
    RsaSsaPssPublicKey pssProto =
        RsaSsaPssPublicKey.parseFrom(
            rsaKeyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    RSAPublicKey referenceRsaKey =
        (RSAPublicKey)
            PemKeyType.RSA_PSS_2048_SHA256.readKey(new BufferedReader(new StringReader(rsaPem)));
    assertThat(rsaEntry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(rsaEntry.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(rsaKeyData.getTypeUrl()).isEqualTo(new RsaSsaPssVerifyKeyManager().getKeyType());
    assertThat(rsaKeyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(pssProto.getParams().getSigHash()).isEqualTo(HashType.SHA256);
    assertThat(pssProto.getParams().getMgf1Hash()).isEqualTo(HashType.SHA256);
    assertThat(pssProto.getParams().getSaltLength()).isEqualTo(32);
    assertThat(pssProto.getN().toByteArray())
        .isEqualTo(SigUtil.toUnsignedIntByteString(referenceRsaKey.getModulus()).toByteArray());
    assertThat(pssProto.getE().toByteArray())
        .isEqualTo(
            SigUtil.toUnsignedIntByteString(referenceRsaKey.getPublicExponent()).toByteArray());

    // --- Second key: the ECDSA P-256 public key. ---
    Keyset.Key ecEntry = keyset.getKey(1);
    KeyData ecKeyData = ecEntry.getKeyData();
    EcdsaPublicKey ecdsaProto =
        EcdsaPublicKey.parseFrom(ecKeyData.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    ECPublicKey referenceEcKey =
        (ECPublicKey)
            PemKeyType.ECDSA_P256_SHA256.readKey(new BufferedReader(new StringReader(ecPem)));
    assertThat(ecEntry.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(ecEntry.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    assertThat(ecKeyData.getTypeUrl()).isEqualTo(new EcdsaVerifyKeyManager().getKeyType());
    assertThat(ecKeyData.getKeyMaterialType()).isEqualTo(KeyMaterialType.ASYMMETRIC_PUBLIC);
    assertThat(ecdsaProto.getParams().getHashType()).isEqualTo(HashType.SHA256);
    assertThat(ecdsaProto.getParams().getCurve()).isEqualTo(EllipticCurveType.NIST_P256);
    assertThat(ecdsaProto.getParams().getEncoding()).isEqualTo(EcdsaSignatureEncoding.DER);
    // Both affine coordinates are compared in their unsigned big-endian encoding.
    assertThat(ecdsaProto.getX().toByteArray())
        .isEqualTo(
            SigUtil.toUnsignedIntByteString(referenceEcKey.getW().getAffineX()).toByteArray());
    assertThat(ecdsaProto.getY().toByteArray())
        .isEqualTo(
            SigUtil.toUnsignedIntByteString(referenceEcKey.getW().getAffineY()).toByteArray());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) RsaSsaPssPublicKey(com.google.crypto.tink.proto.RsaSsaPssPublicKey) KeysetReader(com.google.crypto.tink.KeysetReader) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) EcdsaPublicKey(com.google.crypto.tink.proto.EcdsaPublicKey) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Aggregations

KeyData (com.google.crypto.tink.proto.KeyData)66 Test (org.junit.Test)55 Keyset (com.google.crypto.tink.proto.Keyset)17 KeyTemplate (com.google.crypto.tink.KeyTemplate)16 KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)11 GeneralSecurityException (java.security.GeneralSecurityException)10 ByteString (com.google.protobuf.ByteString)9 TreeSet (java.util.TreeSet)9 AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)7 KeysetReader (com.google.crypto.tink.KeysetReader)6 ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)6 StringReader (java.io.StringReader)6 KeysetHandle (com.google.crypto.tink.KeysetHandle)5 RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)5 BufferedReader (java.io.BufferedReader)5 RSAPublicKey (java.security.interfaces.RSAPublicKey)5 DummyAead (com.google.crypto.tink.TestUtil.DummyAead)4 EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)4 Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)4 AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)3