
Example 46 with Keyset

Use of com.google.crypto.tink.proto.Keyset in project tink by google.

Class KeysetManagerTest, method testPromote_shouldPromote.

// Same tests as for setPrimary() for the deprecated promote(), which should be equivalent.
@Test
public void testPromote_shouldPromote() throws Exception {
    int primaryKeyId = 42;
    int newPrimaryKeyId = 43;
    KeysetHandle handle = KeysetHandle.fromKeyset(TestUtil.createKeyset(createEnabledKey(primaryKeyId), createEnabledKey(newPrimaryKeyId)));
    Keyset keyset = KeysetManager.withKeysetHandle(handle).promote(newPrimaryKeyId).getKeysetHandle().getKeyset();
    assertThat(keyset.getKeyCount()).isEqualTo(2);
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(newPrimaryKeyId);
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) Test(org.junit.Test)

Example 47 with Keyset

Use of com.google.crypto.tink.proto.Keyset in project tink by google.

Class KeysetManagerTest, method testAdd_shouldAddNewKey.

@Test
public void testAdd_shouldAddNewKey() throws Exception {
    KeyTemplate kt = KeyTemplates.get("AES128_GCM");
    Keyset keyset = KeysetManager.withEmptyKeyset().add(kt).getKeysetHandle().getKeyset();
    assertThat(keyset.getKeyCount()).isEqualTo(1);
    // No primary key because add doesn't automatically promote the new key to primary.
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(0);
    Keyset.Key key = keyset.getKey(0);
    assertThat(key.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    assertThat(key.getOutputPrefixType()).isEqualTo(OutputPrefixType.TINK);
    assertThat(key.hasKeyData()).isTrue();
    assertThat(key.getKeyData().getTypeUrl()).isEqualTo(kt.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat = AesGcmKeyFormat.parseFrom(kt.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey = AesGcmKey.parseFrom(key.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    assertThat(aesGcmKey.getKeyValue().size()).isEqualTo(aesGcmKeyFormat.getKeySize());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 48 with Keyset

Use of com.google.crypto.tink.proto.Keyset in project tink by google.

Class KeysetManagerTest, method addKeyHandle_existingKeyset_shouldAddKey.

@Test
public void addKeyHandle_existingKeyset_shouldAddKey() throws Exception {
    KeyTemplate keyTemplate1 = KeyTemplates.get("AES128_GCM_RAW");
    KeyHandle keyHandle1 = KeyHandle.generateNew(keyTemplate1);
    KeysetManager keysetManager = KeysetManager.withEmptyKeyset().add(keyHandle1);
    keysetManager.setPrimary(keyHandle1.getId());
    KeyTemplate keyTemplate2 = KeyTemplates.get("AES256_GCM_RAW");
    KeyHandle keyHandle2 = KeyHandle.generateNew(keyTemplate2);
    keysetManager = keysetManager.add(keyHandle2);
    Keyset keyset = keysetManager.getKeysetHandle().getKeyset();
    expect.that(keyset.getKeyCount()).isEqualTo(2);
    expect.that(keyset.getPrimaryKeyId()).isEqualTo(keyHandle1.getId());
    Keyset.Key key1 = keyset.getKey(0);
    expect.that(key1.getKeyId()).isEqualTo(keyHandle1.getId());
    expect.that(key1.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(key1.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    expect.that(key1.hasKeyData()).isTrue();
    expect.that(key1.getKeyData().getTypeUrl()).isEqualTo(keyTemplate1.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat1 = AesGcmKeyFormat.parseFrom(keyTemplate1.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey1 = AesGcmKey.parseFrom(key1.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    expect.that(aesGcmKey1.getKeyValue().size()).isEqualTo(aesGcmKeyFormat1.getKeySize());
    Keyset.Key key2 = keyset.getKey(1);
    expect.that(key2.getKeyId()).isEqualTo(keyHandle2.getId());
    expect.that(key2.getStatus()).isEqualTo(KeyStatusType.ENABLED);
    expect.that(key2.getOutputPrefixType()).isEqualTo(OutputPrefixType.RAW);
    expect.that(key2.hasKeyData()).isTrue();
    expect.that(key2.getKeyData().getTypeUrl()).isEqualTo(keyTemplate2.getTypeUrl());
    AesGcmKeyFormat aesGcmKeyFormat2 = AesGcmKeyFormat.parseFrom(keyTemplate2.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    AesGcmKey aesGcmKey2 = AesGcmKey.parseFrom(key2.getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    expect.that(aesGcmKey2.getKeyValue().size()).isEqualTo(aesGcmKeyFormat2.getKeySize());
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) AesGcmKeyFormat(com.google.crypto.tink.proto.AesGcmKeyFormat) Key(com.google.crypto.tink.proto.Keyset.Key) KeyHandle(com.google.crypto.tink.tinkkey.KeyHandle) AesGcmKey(com.google.crypto.tink.proto.AesGcmKey) Test(org.junit.Test)

Example 49 with Keyset

Use of com.google.crypto.tink.proto.Keyset in project tink by google.

Class JsonKeysetReaderTest, method testReadKeyset_hugeKeyId_convertsIntoSignedInt32.

@Test
public void testReadKeyset_hugeKeyId_convertsIntoSignedInt32() throws Exception {
    // 2^32 - 21
    String jsonKeysetString = createJsonKeysetWithId("4294967275");
    Keyset keyset = JsonKeysetReader.withString(jsonKeysetString).read();
    assertThat(keyset.getPrimaryKeyId()).isEqualTo(-21);
}
Also used : Keyset(com.google.crypto.tink.proto.Keyset) Test(org.junit.Test)

Example 50 with Keyset

Use of com.google.crypto.tink.proto.Keyset in project tink by google.

Class JwtHmacKeyManagerTest, method createSignVerifyTink_withDifferentHeaders.

@Test
public void createSignVerifyTink_withDifferentHeaders() throws Exception {
    KeyTemplate template = KeyTemplates.get("JWT_HS256");
    KeysetHandle handle = KeysetHandle.generateNew(template);
    Keyset keyset = CleartextKeysetHandle.getKeyset(handle);
    JwtHmacKey keyProto = JwtHmacKey.parseFrom(keyset.getKey(0).getKeyData().getValue(), ExtensionRegistryLite.getEmptyRegistry());
    byte[] keyValue = keyProto.getKeyValue().toByteArray();
    SecretKeySpec keySpec = new SecretKeySpec(keyValue, "HMAC");
    PrfHmacJce prf = new PrfHmacJce("HMACSHA256", keySpec);
    PrfMac rawPrimitive = new PrfMac(prf, prf.getMaxOutputLength());
    JwtMac primitive = handle.getPrimitive(JwtMac.class);
    String kid = JwtFormat.getKid(keyset.getKey(0).getKeyId(), keyset.getKey(0).getOutputPrefixType()).get();
    JsonObject payload = new JsonObject();
    payload.addProperty("jti", "jwtId");
    JwtValidator validator = JwtValidator.newBuilder().allowMissingExpiration().build();
    // Normal, valid signed compact.
    JsonObject normalHeader = new JsonObject();
    normalHeader.addProperty("alg", "HS256");
    normalHeader.addProperty("kid", kid);
    String normalToken = generateSignedCompact(rawPrimitive, normalHeader, payload);
    primitive.verifyMacAndDecode(normalToken, validator);
    // valid token, with "typ" set in the header
    JsonObject headerWithTyp = new JsonObject();
    headerWithTyp.addProperty("alg", "HS256");
    headerWithTyp.addProperty("typ", "typeHeader");
    headerWithTyp.addProperty("kid", kid);
    String tokenWithTyp = generateSignedCompact(rawPrimitive, headerWithTyp, payload);
    primitive.verifyMacAndDecode(tokenWithTyp, JwtValidator.newBuilder().expectTypeHeader("typeHeader").allowMissingExpiration().build());
    // invalid token without algorithm
    JsonObject headerWithoutAlg = new JsonObject();
    headerWithoutAlg.addProperty("kid", kid);
    String tokenWithoutAlg = generateSignedCompact(rawPrimitive, headerWithoutAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> primitive.verifyMacAndDecode(tokenWithoutAlg, validator));
    // invalid token with a valid but incorrect algorithm in the header
    JsonObject headerWithBadAlg = new JsonObject();
    headerWithBadAlg.addProperty("alg", "RS256");
    headerWithBadAlg.addProperty("kid", kid);
    String tokenWithBadAlg = generateSignedCompact(rawPrimitive, headerWithBadAlg, payload);
    assertThrows(GeneralSecurityException.class, () -> primitive.verifyMacAndDecode(tokenWithBadAlg, validator));
    // invalid token with an unknown "kid" in the header
    JsonObject headerWithUnknownKid = new JsonObject();
    headerWithUnknownKid.addProperty("alg", "HS256");
    headerWithUnknownKid.addProperty("kid", "unknown");
    String tokenWithUnknownKid = generateSignedCompact(rawPrimitive, headerWithUnknownKid, payload);
    assertThrows(GeneralSecurityException.class, () -> primitive.verifyMacAndDecode(tokenWithUnknownKid, validator));
}
Also used : KeysetHandle(com.google.crypto.tink.KeysetHandle) CleartextKeysetHandle(com.google.crypto.tink.CleartextKeysetHandle) Keyset(com.google.crypto.tink.proto.Keyset) PrfMac(com.google.crypto.tink.subtle.PrfMac) SecretKeySpec(javax.crypto.spec.SecretKeySpec) JwtHmacKey(com.google.crypto.tink.proto.JwtHmacKey) JsonObject(com.google.gson.JsonObject) PrfHmacJce(com.google.crypto.tink.subtle.PrfHmacJce) ByteString(com.google.protobuf.ByteString) KeyTemplate(com.google.crypto.tink.KeyTemplate) Test(org.junit.Test)
