Example 26 with KeyData
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtRsaSsaPssSignKeyManagerTest method signWithTinkKeyAndCustomKid_fails.
@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
// KeysetHandle.generateNew is too slow in Tsan.
assumeFalse(TestUtil.isTsan());
KeyTemplate template = KeyTemplates.get("JWT_PS256_2048_F4");
KeysetHandle handle = KeysetHandle.generateNew(template);
// Create a new handle with the "kid" value set.
Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
JwtRsaSsaPssPrivateKey privateKey = JwtRsaSsaPssPrivateKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
JwtRsaSsaPssPublicKey publicKeyWithKid = privateKey.getPublicKey().toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
JwtRsaSsaPssPrivateKey privateKeyWithKid = privateKey.toBuilder().setPublicKey(publicKeyWithKid).build();
KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
JwtPublicKeySign signerWithKid = handleWithKid.getPrimitive(JwtPublicKeySign.class);
RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
assertThrows(JwtInvalidException.class, () -> signerWithKid.signAndEncode(rawToken));
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
Keyset(com.google.crypto.tink.proto.Keyset)
JwtRsaSsaPssPublicKey(com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey)
JwtRsaSsaPssPrivateKey(com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey)
KeyTemplate(com.google.crypto.tink.KeyTemplate)
KeyData(com.google.crypto.tink.proto.KeyData)
Test(org.junit.Test)
Example 27 with KeyData
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtHmacKeyManagerTest method macWithTinkKeyAndCustomKid_fails.
@Test
public void macWithTinkKeyAndCustomKid_fails() throws Exception {
KeyTemplate template = KeyTemplates.get("JWT_HS256");
KeysetHandle handle = KeysetHandle.generateNew(template);
// Create a new handle with the "kid" value set.
Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
JwtHmacKey hmacKey = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
JwtHmacKey hmacKeyWithKid = hmacKey.toBuilder().setCustomKid(CustomKid.newBuilder().setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit").build()).build();
KeyData keyDataWithKid = keyset.getKey(0).getKeyData().toBuilder().setValue(hmacKeyWithKid.toByteString()).build();
Keyset.Key keyWithKid = keyset.getKey(0).toBuilder().setKeyData(keyDataWithKid).build();
KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(keyset.toBuilder().setKey(0, keyWithKid).build());
JwtMac jwtMacWithKid = handleWithKid.getPrimitive(JwtMac.class);
RawJwt rawToken = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
assertThrows(JwtInvalidException.class, () -> jwtMacWithKid.computeMacAndEncode(rawToken));
}
Also used :
KeysetHandle(com.google.crypto.tink.KeysetHandle)
CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle)
Keyset(com.google.crypto.tink.proto.Keyset)
JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey)
KeyTemplate(com.google.crypto.tink.KeyTemplate)
KeyData(com.google.crypto.tink.proto.KeyData)
Test(org.junit.Test)
Example 28 with KeyData
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtHmacKeyManagerTest method getRfc7515ExampleKeysetHandle.
private static KeysetHandle getRfc7515ExampleKeysetHandle() throws Exception {
String keyValue = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
JwtHmacKey key = JwtHmacKey.newBuilder().setVersion(0).setAlgorithm(JwtHmacAlgorithm.HS256).setKeyValue(ByteString.copyFrom(Base64.urlSafeDecode(keyValue))).build();
KeyData keyData = KeyData.newBuilder().setTypeUrl("type.googleapis.com/google.crypto.tink.JwtHmacKey").setValue(key.toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.SYMMETRIC).build();
Keyset.Key keySetKey = Keyset.Key.newBuilder().setKeyData(keyData).setKeyId(123).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).build();
Keyset keyset = Keyset.newBuilder().addKey(keySetKey).setPrimaryKeyId(123).build();
return CleartextKeysetHandle.fromKeyset(keyset);
}
Also used :
Keyset(com.google.crypto.tink.proto.Keyset)
JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey)
ByteString(com.google.protobuf.ByteString)
KeyData(com.google.crypto.tink.proto.KeyData)
Example 29 with KeyData
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class KeysetHandle method getKeys.
/**
* Returns the keyset data as a list of {@link KeyHandle}s.
*/
public List<KeyHandle> getKeys() {
ArrayList<KeyHandle> result = new ArrayList<>();
for (Keyset.Key key : keyset.getKeyList()) {
KeyData keyData = key.getKeyData();
result.add(new InternalKeyHandle(new ProtoKey(keyData, KeyTemplate.fromProto(key.getOutputPrefixType())), key.getStatus(), key.getKeyId()));
}
return Collections.unmodifiableList(result);
}
Also used :
EncryptedKeyset(com.google.crypto.tink.proto.EncryptedKeyset)
Keyset(com.google.crypto.tink.proto.Keyset)
InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle)
ProtoKey(com.google.crypto.tink.tinkkey.internal.ProtoKey)
ArrayList(java.util.ArrayList)
KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle)
InternalKeyHandle(com.google.crypto.tink.tinkkey.internal.InternalKeyHandle)
KeyData(com.google.crypto.tink.proto.KeyData)
Example 30 with KeyData
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class KeysetHandle method createPublicKeyData.
private static KeyData createPublicKeyData(KeyData privateKeyData) throws GeneralSecurityException {
if (privateKeyData.getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {
throw new GeneralSecurityException("The keyset contains a non-private key");
}
KeyData publicKeyData = Registry.getPublicKeyData(privateKeyData.getTypeUrl(), privateKeyData.getValue());
validate(publicKeyData);
return publicKeyData;
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
KeyData(com.google.crypto.tink.proto.KeyData)
Aggregations
KeyData (com.google.crypto.tink.proto.KeyData)66
Test (org.junit.Test)55
Keyset (com.google.crypto.tink.proto.Keyset)17
KeyTemplate (com.google.crypto.tink.KeyTemplate)16
KeyTemplate (com.google.crypto.tink.proto.KeyTemplate)11
GeneralSecurityException (java.security.GeneralSecurityException)10
ByteString (com.google.protobuf.ByteString)9
TreeSet (java.util.TreeSet)9
AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)7
KeysetReader (com.google.crypto.tink.KeysetReader)6
ProtoKey (com.google.crypto.tink.tinkkey.internal.ProtoKey)6
StringReader (java.io.StringReader)6
KeysetHandle (com.google.crypto.tink.KeysetHandle)5
RsaSsaPssPublicKey (com.google.crypto.tink.proto.RsaSsaPssPublicKey)5
BufferedReader (java.io.BufferedReader)5
RSAPublicKey (java.security.interfaces.RSAPublicKey)5
DummyAead (com.google.crypto.tink.TestUtil.DummyAead)4
EcdsaPrivateKey (com.google.crypto.tink.proto.EcdsaPrivateKey)4
Ed25519PrivateKey (com.google.crypto.tink.proto.Ed25519PrivateKey)4
AesEaxKeyFormat (com.google.crypto.tink.proto.AesEaxKeyFormat)3
