Example 26 with KeyData

Use of com.google.crypto.tink.proto.KeyData in project tink by google.

In the class JwtRsaSsaPssSignKeyManagerTest, method signWithTinkKeyAndCustomKid_fails.

@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
    // KeysetHandle.generateNew is too slow in Tsan.
    assumeFalse(TestUtil.isTsan());
    KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
    KeysetHandle handle = KeysetHandle.generateNew(template);
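    // Create a new handle with the "kid" value set. Per the test name, this is a
    // Tink key combined with a custom kid, and signing with it is expected to fail.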
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey) JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey) KeyTemplate(com.google.crypto.tink.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 27 with KeyData

Use of com.google.crypto.tink.proto.KeyData in project tink by google.

In the class JwtHmacKeyManagerTest, method macWithTinkKeyAndCustomKid_fails.

@Test
public void macWithTinkKeyAndCustomKid_fails() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
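    // Create a new handle with the "kid" value set. Per the test name, this is a
    // Tink key combined with a custom kid, and computing the MAC is expected to fail.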
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtHmacKey hmacKey = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    JwtHmacKey hmacKeyWithKid = hmacKey.toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
    KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(hmacKeyWithKid.toByteString()).build();
    Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
    KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
    JwtMac jwtMacWithKid = handleWithKid.getPrimitive(JwtMac.class);
    RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
    assertThrows(JwtInvalidException.class, () -> jwtMacWithKid.computeMacAndEncode(rawToken));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) KeyTemplate(com.google.crypto.tink.KeyTemplate) KeyData(com.google.crypto.tink.proto.KeyData) Test(org.junit.Test)

Example 28 with KeyData

Use of com.google.crypto.tink.proto.KeyData in project tink by google.

In the class JwtHmacKeyManagerTest, method getRfc7515ExampleKeysetHandle.

private static KeysetHandle getRfc7515ExampleKeysetHandle() throws Exception {
    // Base64url-encoded HMAC key of the RFC 7515 example, as the method name indicates.
    String keyValue = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
    JwtHmacKey key = JwtHmacKey.newBuilder().setVersion(0).setAlgorithm(JwtHmacAlgorithm.HS256).setKeyValue(ByteString.copyFrom(Base64.urlSafeDecode(keyValue))).build();
    KeyData keyData = KeyData.newBuilder().setTypeUrl("type.googleapis.com/google.crypto.tink.JwtHmacKey").setValue(key.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.SYMMETRIC).build();
    Keyset.Key keySetKey = Keyset.Key.newBuilder().setKeyData(keyData).setKeyId(123).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
    Keyset keyset = Keyset.newBuilder().addKey(keySetKey).setPrimaryKeyId(123).build();
    return CleartextKeysetHandle.fromKeyset(keyset);
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) ByteString(com.google.protobuf.ByteString) KeyData(com.google.crypto.tink.proto.KeyData)

Example 29 with KeyData

Use of com.google.crypto.tink.proto.KeyData in project tink by google.

In the class KeysetHandle, method getKeys.

/**
 * Returns the keyset data as a list of {@link KeyHandle}s.
 */
public List<KeyHandle> getKeys() {
    ArrayList<KeyHandle> result = new ArrayList<>();
    for (Keyset.Key key : keyset.getKeyList()) {
        KeyData keyData = key.getKeyData();
        result.add(new InternalKeyHandle(new ProtoKey(keyData, KeyTemplate.fromProto(key.getOutputPrefixType())), key.getStatus(), key.getKeyId()));
    }
    return Collections.unmodifiableList(result);
}
Also used : EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset) Keyset(com.google.crypto.tink.proto.Keyset) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey) ArrayList(java.util.ArrayList) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle) KeyData(com.google.crypto.tink.proto.KeyData)

Example 30 with KeyData

Use of com.google.crypto.tink.proto.KeyData in project tink by google.

In the class KeysetHandle, method createPublicKeyData.

private static KeyData createPublicKeyData(KeyData privateKeyData) throws GeneralSecurityException {
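    // Public key data can only be derived from asymmetric private key material;
    // reject symmetric, public, or remote keys before asking the Registry.
    if (privateKeyData.getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {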
        throw new GeneralSecurityException("The keyset contains a non-private key");
    }
    KeyData publicKeyData = Registry.getPublicKeyData(privateKeyData.getTypeUrl(), privateKeyData.getValue());
    validate(publicKeyData);
    return publicKeyData;
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) KeyData(com.google.crypto.tink.proto.KeyData)
