use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtRsaSsaPssSignKeyManagerTest method signWithTinkKeyAndCustomKid_fails.
/**
 * Checks that signing is refused once a custom "kid" has been written into a key generated from
 * the "JWT_PS256_2048_F4" template.
 *
 * <p>The handle built from the patched keyset still yields a {@code JwtPublicKeySign} primitive.
 * The rejection is expected from {@code signAndEncode}, as a {@code JwtInvalidException}, so no
 * token is produced for this key.
 *
 * <p>NOTE(review): the test name calls this a "Tink key", so the generated key presumably keeps
 * the TINK output prefix, where the "kid" header is expected to come from the key ID and a custom
 * value would conflict with it. Confirm against the template definition.
 */
@Test
public void signWithTinkKeyAndCustomKid_fails() throws Exception {
  // KeysetHandle.generateNew is too slow in Tsan.
  assumeFalse(TestUtil.isTsan());
  KeysetHandle generated = KeysetHandle.generateNew(KeyTemplates.get("JWT_PS256_2048_F4"));

  // Rebuild the keyset so that its first key carries a custom "kid".
  // CleartextKeysetHandle hands out the serialized private key unencrypted; this test needs that
  // access to patch the key proto.
  Keyset keyset = CleartextKeysetHandle.getKeyset(generated);
  Keyset.Key firstKey = keyset.getKey(0);
  JwtRsaSsaPssPrivateKey parsedPrivateKey =
      JwtRsaSsaPssPrivateKey.parseFrom(
          firstKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());

  // The custom kid lives on the public key, which is embedded in the private key proto.
  CustomKid kid =
      CustomKid.newBuilder()
          .setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit")
          .build();
  JwtRsaSsaPssPublicKey publicKeyWithKid =
      parsedPrivateKey.getPublicKey().toBuilder().setCustomKid(kid).build();
  JwtRsaSsaPssPrivateKey privateKeyWithKid =
      parsedPrivateKey.toBuilder().setPublicKey(publicKeyWithKid).build();

  // Re-wrap the patched key: KeyData -> Keyset.Key -> Keyset -> KeysetHandle.
  KeyData patchedKeyData =
      firstKey.getKeyData().toBuilder().setValue(privateKeyWithKid.toByteString()).build();
  Keyset.Key patchedKey = firstKey.toBuilder().setKeyData(patchedKeyData).build();
  Keyset patchedKeyset = keyset.toBuilder().setKey(0, patchedKey).build();
  KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(patchedKeyset);

  JwtPublicKeySign signer = handleWithKid.getPrimitive(JwtPublicKeySign.class);
  RawJwt token = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
  assertThrows(JwtInvalidException.class, () -> signer.signAndEncode(token));
}
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtHmacKeyManagerTest method macWithTinkKeyAndCustomKid_fails.
/**
 * Checks that MAC computation is refused once a custom "kid" has been written into a key
 * generated from the "JWT_HS256" template.
 *
 * <p>The handle built from the patched keyset still yields a {@code JwtMac} primitive. The
 * rejection is expected from {@code computeMacAndEncode}, as a {@code JwtInvalidException}, so no
 * token is produced for this key.
 *
 * <p>NOTE(review): the test name calls this a "Tink key", so the generated key presumably keeps
 * the TINK output prefix, where the "kid" header is expected to come from the key ID and a custom
 * value would conflict with it. Confirm against the template definition.
 */
@Test
public void macWithTinkKeyAndCustomKid_fails() throws Exception {
  KeysetHandle generated = KeysetHandle.generateNew(KeyTemplates.get("JWT_HS256"));

  // Rebuild the keyset so that its first key carries a custom "kid".
  // CleartextKeysetHandle hands out the serialized HMAC key unencrypted; this test needs that
  // access to patch the key proto.
  Keyset keyset = CleartextKeysetHandle.getKeyset(generated);
  Keyset.Key firstKey = keyset.getKey(0);
  JwtHmacKey parsedKey =
      JwtHmacKey.parseFrom(
          firstKey.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());

  CustomKid kid =
      CustomKid.newBuilder()
          .setValue("Lorem ipsum dolor sit amet, consectetur adipiscing elit")
          .build();
  JwtHmacKey keyWithCustomKid = parsedKey.toBuilder().setCustomKid(kid).build();

  // Re-wrap the patched key: KeyData -> Keyset.Key -> Keyset -> KeysetHandle.
  KeyData patchedKeyData =
      firstKey.getKeyData().toBuilder().setValue(keyWithCustomKid.toByteString()).build();
  Keyset.Key patchedKey = firstKey.toBuilder().setKeyData(patchedKeyData).build();
  Keyset patchedKeyset = keyset.toBuilder().setKey(0, patchedKey).build();
  KeysetHandle handleWithKid = CleartextKeysetHandle.fromKeyset(patchedKeyset);

  JwtMac mac = handleWithKid.getPrimitive(JwtMac.class);
  RawJwt token = RawJwt.newBuilder().setJwtId("jwtId").withoutExpiration().build();
  assertThrows(JwtInvalidException.class, () -> mac.computeMacAndEncode(token));
}
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class JwtHmacKeyManagerTest method getRfc7515ExampleKeysetHandle.
/**
 * Builds a cleartext keyset handle holding one fixed HS256 key.
 *
 * <p>The key bytes are hard-coded as a base64url string (the method name attributes them to the
 * RFC 7515 example), so they are a known test vector and give no secrecy. The key is ENABLED,
 * uses output prefix type RAW, and is the primary key under ID 123.
 *
 * @return a handle over the single-key keyset
 */
private static KeysetHandle getRfc7515ExampleKeysetHandle() throws Exception {
  String keyValue =
      "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
  // The same ID must appear on the key entry and as the keyset's primary key ID.
  int keyId = 123;

  ByteString rawKeyBytes = ByteString.copyFrom(Base64.urlSafeDecode(keyValue));
  JwtHmacKey hmacKey =
      JwtHmacKey.newBuilder()
          .setVersion(0)
          .setAlgorithm(JwtHmacAlgorithm.HS256)
          .setKeyValue(rawKeyBytes)
          .build();

  KeyData wrappedKey =
      KeyData.newBuilder()
          .setTypeUrl("type.googleapis.com/google.crypto.tink.JwtHmacKey")
          .setValue(hmacKey.toByteString())
          .setKeyMaterialType(KeyData.KeyMaterialType.SYMMETRIC)
          .build();

  Keyset.Key entry =
      Keyset.Key.newBuilder()
          .setKeyData(wrappedKey)
          .setKeyId(keyId)
          .setStatus(KeyStatusType.ENABLED)
          .setOutputPrefixType(OutputPrefixType.RAW)
          .build();

  return CleartextKeysetHandle.fromKeyset(
      Keyset.newBuilder().addKey(entry).setPrimaryKeyId(keyId).build());
}
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class KeysetHandle method getKeys.
/**
 * Returns every key of this keyset as an unmodifiable list of {@link KeyHandle}s.
 *
 * <p>Keys are not filtered by status: each entry is returned together with its own status and
 * key ID, so callers that only want usable keys must check the status themselves.
 *
 * <p>NOTE(review): each handle wraps a {@code ProtoKey} built directly from the entry's
 * {@code KeyData}, so for secret or private keys the returned handles presumably give access to
 * key material. Confirm what {@code ProtoKey} exposes.
 *
 * @return the keys in keyset order, wrapped as {@link KeyHandle}s
 */
public List<KeyHandle> getKeys() {
  ArrayList<KeyHandle> handles = new ArrayList<>();
  for (Keyset.Key entry : keyset.getKeyList()) {
    // The output prefix type is carried along as a KeyTemplate next to the raw key data.
    ProtoKey protoKey =
        new ProtoKey(entry.getKeyData(), KeyTemplate.fromProto(entry.getOutputPrefixType()));
    handles.add(new InternalKeyHandle(protoKey, entry.getStatus(), entry.getKeyId()));
  }
  return Collections.unmodifiableList(handles);
}
use of com.google.crypto.tink.proto.KeyData in project tink by google.
the class KeysetHandle method createPublicKeyData.
/**
 * Derives the public {@code KeyData} that belongs to the given private key data.
 *
 * <p>Only key data marked {@code ASYMMETRIC_PRIVATE} is accepted. Any other material type (for
 * example {@code SYMMETRIC}) is rejected before the registry is asked for a public key, so such
 * key data is never passed on as "public" data.
 *
 * @param privateKeyData key data expected to hold an asymmetric private key
 * @return the public key data obtained from the registry, after it passed {@code validate}
 * @throws GeneralSecurityException if {@code privateKeyData} is not of type
 *     {@code ASYMMETRIC_PRIVATE}; the registry lookup and {@code validate} may presumably throw
 *     it as well
 */
private static KeyData createPublicKeyData(KeyData privateKeyData) throws GeneralSecurityException {
  if (privateKeyData.getKeyMaterialType() == KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {
    KeyData derived =
        Registry.getPublicKeyData(privateKeyData.getTypeUrl(), privateKeyData.getValue());
    // Check the derived data before returning it to the caller.
    validate(derived);
    return derived;
  }
  throw new GeneralSecurityException("The keyset contains a non-private key");
}